Message-ID: <CAJO3-cR0u_c9rOigq=OEBiJoBUnD=XVfi0Vb+oMnhSF-xpL75g@mail.gmail.com>
Date:   Sun, 31 Jan 2021 17:28:37 -0800
From:   Gopal Raman <graman@...e-global.com>
To:     netdev@...r.kernel.org
Subject: 

Hi Aquantia PHY experts
This is a very specific question about programming the MACSEC
component of the Aquantia PHY (specifically AQR114C). I'm using the C
API (AQ_API_3_0_4_AQRATE)
provided by Aquantia to read/write the registers over MDIO and have
compiled it into a kernel module. I'm running on a 64-bit ARM CPU from
QCA (IPQ807x). The IPQ807x
has its own proprietary Ethernet MAC that talks to the Aquantia PHY.
I'm able to write the MACSEC tables from user space (specifically in
MMD 30) and read them back.

PHY Hardware Details
Reading Static Configuration register gives these values:
oui=0x300ee3 modelNumber=2 RevisionNumber=2 firmwareMajorRevisionNumber=5
       firmwareMinorRevisionNumber=3, firmwareROM_ID_Numberfrev=193

Current Software Status
1. I'm able to write and read all the MACSEC Egress and Ingress Tables
using the APIs provided by AQ_API. I'm also able to read the stats off
the PHY and to clear the stats on the PHY
List of Egress Registers written and their values that were read back from them
1. EgressCTLF : action=1 ; other fields are all 0
My eth0 MAC is 24:15:10:2F:E0:68 and I've copied this into mac_sa field below
2. EgressClass [Index 0]: sc_idx=0 sc_sa=2 tci_sc=0 tci_87543=0
tci=0x0 action=0 mac_sa=0x2415102FE068 sa_mask=0x3F sci[0]= 0x2F101524
sci[1]= 0x010068E0  valid=0
3. EgressSC [Index 0]: tci=0x28  protect=1 fresh=1 val=1
4. Egress SA [Index 0]: next_pn=0x1 fresh=1 val=1
5. Egress SAKey [Index 0]:
11111111:22222222:33333333:44444444:00000000:00000000:00000000:00000000

One anomaly is that the EgressClass Table entry shows "valid=0" when
read back even though I write a value of 1 to that field
6. set MACSEC Enable bit (bit 1) to register 1E.C47B

Ingress registers are also written but not shown here since my
question is about Egress only

Next I assign an IP address to the interface and initiate a ping. The
packets are going out in the clear. MACSEC protection and encryption
is NOT being applied in the egress direction.

Questions
1. Are the values in these Egress tables correct? Is the register
address for MACSEC Enable correct? I got this from AQR405 register
spec since I don't have the spec for AQR114C
2. The API does not expose any other tables for Egress. Are there
other tables that I need to program?
3. After the ping the values read back from the EgressCommonCounters,
EgressSCCounter and EgressSACounters are all 0
4. Looking at the atlantic Ethernet MAC driver sources in Linux
[net/drivers/ethernet/aquantia/atlantic/aq_macsec.c] I notice in the
function aq_macsec_enable() that the MAC sends a macsec_cfg_request
"message" to the PHY. Is there any such equivalent in the standalone
PHY that is not coupled with the Atlantic?

Any help to unblock me appreciated. If you can point me to the
register spec for AQR114C I would be very grateful

Thanks
-graman@...e-global.com
