I am developing a system based on the am3352.
We are trying to have secure access for the whole system.
- For the HTTPS access, the default cipher suite is AES-256-GCM based,
- For the SNMPv3, the encryption is based on AES-128-CFB
- The SSH access is based on AES-128-CTR
The default omap-aes.c in the Linux kernel supports the following modes:
- AES-ECB
- AES-CBC
- AES-CTR
This means only the SSH can take advantage the HW accleration. The HTTPS and SNMPv3 falls back to SW implementation.
Supposedly, the OMAP_AES supports the following:
ECB, CBC, and CFB-128 encryption
CTR and F8 encryption with 16/32/64/96/128-bit counter
XEX (disk encryption)
CBC-MAC authentication including the CMAC/OMAC/PMAC subflavors
F9 authentication
GCM and CCM aead
From another thread, it seems GCM is difficult, how about CFB? Is there a solution for this mode?
For the web, we might be able to change the WEB server to use different cipher suite, but SNMPv3 only defines CFB.
Regards,
Jing