Skip to content

Add MACsec (IEEE 802.1AE) to wolfIP: software SecY + wolfMKA control plane#143

Draft
dgarske wants to merge 1 commit into
wolfSSL:masterfrom
dgarske:macsec_wolfmka
Draft

Add MACsec (IEEE 802.1AE) to wolfIP: software SecY + wolfMKA control plane#143
dgarske wants to merge 1 commit into
wolfSSL:masterfrom
dgarske:macsec_wolfmka

Conversation

@dgarske

@dgarske dgarske commented Jul 10, 2026

Copy link
Copy Markdown
Member

Summary

Adds a clean-room, in-stack MACsec data plane to wolfIP and integrates the wolfSSL wolfMKA library as the MACsec Key Agreement (MKA) control plane. A wolfIP device can now bring up an authenticated and encrypted Layer 2 link using only wolfIP and wolfSSL - no operating system, kernel MACsec, or hardware offload required - which is what a substation LAN, an automotive backbone, or any "do not trust the switch fabric" network needs below IP.

wolfIP owns the data plane it is best placed to own (a small, allocation-free software SecY); the mature, formally verified MKA state machine comes from wolfMKA.

What is added

  • 802.1AE software SecY (src/macsec/macsec_crypto, macsec_secy, macsec_sa): the 802.1X-2010 AES-CMAC key hierarchy (KDF, CAK/CKN, KEK/ICK, SAK, ICV), and the frame transform - SecTAG build/parse, GCM-AES-128/256 protect/validate, integrity-only and confidentiality-offset (0/30/50) modes, per-Secure-Association packet-number sequencing and a replay window. All on wolfCrypt; no dynamic allocation.
  • wolfMKA control-plane adapter (src/macsec/mka_wolfmka.c/.h): bridges the wolfMKA KaY to wolfIP - maps wolfMKA's MkaSecyOps onto the software SecY, carries EAPOL-MKA frames over wolfIP's L2 transport, wires wolfMKA's RNG/CMAC workspace pools, and supports a pre-shared CAK or one derived from wolfIP's EAP-TLS MSK.
  • Host tools and interop tests (tools/macsec/): macsec-probe (byte-level SecY cross-check against the kernel macsec module), macsec-sta (the wolfMKA participant over an AF_PACKET raw socket), and the veth-based interop and data-plane scripts.

Build

  • make WOLFIP_ENABLE_MACSEC=1 builds the software SecY and its unit tests. This has no external dependency and is usable with a statically installed SAK.
  • Add WOLFMKA_DIR=<path-to-a-wolfMKA-clone> to also build the MKA control plane (the adapter, the wolfMKA sources, and macsec-sta). wolfMKA is consumed from a local clone, not a submodule.

Dependency

The MKA control plane is provided by wolfMKA: https://github.com/wolfSSL/wolfDen/tree/main/mka

The wolfIP build compiles wolfMKA with its L2-address ICV option enabled (WOLFMKA_ICV_L2_ADDR), which is required to interoperate with wpa_supplicant and the Linux kernel.

Validation

  • SecY unit tests (KDF/KEK/ICK/SAK and AES key wrap KATs, GCM-AES-128/256 encrypt/decrypt, tamper and replay rejection, confidentiality offsets) run in CI, and again under AddressSanitizer + UBSan. The SecY receive path has a libFuzzer harness with a CI smoke run.
  • The SecY framing is verified byte-for-byte against the Linux kernel macsec module, both directions (kernel-encrypted frames validate in wolfIP; wolfIP-protected frames are accepted and decrypted by the kernel).
  • Full control-plane interop against wpa_supplicant v2.10 (macsec_linux): peer discovery, mutual liveness, Key Server election, Distributed SAK, and SAK install.
  • Data plane: the agreed SAK is programmed into a kernel macsec device and ICMP is exchanged over the encrypted link.

Notes

  • Clean-room implementation; compiles under -Wall -Wextra -Werror on GCC and Clang and under cppcheck. Secrets are zeroized with wolfCrypt ForceZero, the ICV is compared in constant time, and the core does no dynamic allocation, so it suits both bare-metal (Cortex-M) and host targets.
  • CI runs the SecY unit tests, the static-SAK kernel interop, and the SecY fuzzer today; the MKA control-plane interop returns to CI once wolfMKA is available to the runner.

@dgarske dgarske self-assigned this Jul 10, 2026
Copilot AI review requested due to automatic review settings July 10, 2026 16:45

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a clean-room IEEE 802.1AE MACsec implementation inside wolfIP (software SecY + stateful SA layer) and integrates wolfSSL’s wolfMKA as the optional 802.1X-2010 MKA control plane, along with host-side interop tooling and CI coverage to validate framing, crypto, and robustness.

Changes:

  • Add MACsec crypto primitives (CMAC KDF, key wrap, ICV), stateless SecY frame transform, and stateful SA (PN + replay handling) under src/macsec/.
  • Add a wolfMKA adapter (mka_wolfmka.*) plus host tools (macsec-probe, macsec-sta) and Linux interop scripts.
  • Extend build system and CI to build/run MACsec unit tests, sanitizer runs, and a kernel-macsec interop check (best-effort).

Reviewed changes

Copilot reviewed 23 out of 23 changed files in this pull request and generated 11 comments.

Show a summary per file
File Description
tools/macsec/run_macsec_static_test.sh Kernel-macsec vs wolfIP SecY byte-level interop (static SAK) script.
tools/macsec/run_macsec_mka_test.sh wolfMKA participant interop script vs wpa_supplicant MKA (control plane).
tools/macsec/run_macsec_mka_dataplane_test.sh End-to-end dataplane test script (wolfMKA agrees SAK, programs kernel macsec, pings).
tools/macsec/macsec_sta.c AF_PACKET host harness to run wolfMKA participant and optionally program kernel macsec.
tools/macsec/macsec_probe.c CLI tool to protect/validate single frames via the software SecY for interop checks.
src/supplicant/supplicant_features.h Adds feature gating for MACsec prerequisites (CMAC/GCM/keywrap).
src/supplicant/eap.h Adds EAPOL_TYPE_MKA constant for EAPOL-MKA.
src/port/rp2350_cyw43439/test_cyw43_sdpcm.c Adjusts test buffer sizing for iovar build test.
src/macsec/test_macsec_secy.c Unit tests for SecY framing + protect/validate modes.
src/macsec/test_macsec_sa.c Unit tests for stateful SA (PN, replay, integrity-only, exhaustion).
src/macsec/test_macsec_crypto.c Unit tests for MACsec/MKA crypto primitives (KDF, key wrap, ICV).
src/macsec/mka_wolfmka.h Public header for wolfMKA-backed MKA adapter API.
src/macsec/mka_wolfmka.c Implementation of wolfMKA adapter (SecY ops bridge + frame TX/RX glue).
src/macsec/macsec_test.h Shared header-only helpers for MACsec standalone test binaries.
src/macsec/macsec_secy.h Public API for stateless SecY protect/validate and SecTAG parsing/building.
src/macsec/macsec_secy.c Stateless SecY MACsec transform (GCM protect/validate + SecTAG).
src/macsec/macsec_sa.h Public API for stateful SA layer (TX PN + RX replay protection).
src/macsec/macsec_sa.c Stateful SA implementation wrapping SecY (TX/RX).
src/macsec/macsec_crypto.h Public API for MACsec/MKA key hierarchy + KDF + ICV + key wrap.
src/macsec/macsec_crypto.c MACsec/MKA crypto implementation on wolfCrypt + shared supplicant helpers.
src/macsec/fuzz_macsec_secy.c libFuzzer harness for SecY receive path.
Makefile Build integration for MACsec (optional wolfMKA) + new tests/tools/fuzzer targets.
.github/workflows/supplicant.yml CI: enable MACsec builds/tests, add kernel-macsec interop, sanitizer + fuzz smoke.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tools/macsec/macsec_sta.c
Comment thread tools/macsec/macsec_sta.c
Comment thread tools/macsec/macsec_sta.c
Comment thread src/macsec/macsec_sa.c
Comment thread src/macsec/mka_wolfmka.c
Comment thread src/macsec/macsec_secy.h
Comment thread Makefile
Comment thread tools/macsec/run_macsec_mka_dataplane_test.sh
Comment thread src/macsec/macsec_sa.c
Comment thread src/macsec/mka_wolfmka.c
@dgarske

dgarske commented Jul 10, 2026

Copy link
Copy Markdown
Member Author

Requires wolfSSL/wolfDen#2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants