MACsec Intel® FPGA System Design User Guide

ID 767516
Date 10/02/2023
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

1. Introduction

Updated for:
Intel® Quartus® Prime Design Suite 23.2
MACsec was standardized in 2006 by the IEEE (standard IEEE 802.1AE-2006) as a point-to-point security protocol providing data confidentiality, integrity, and origin authenticity for traffic over Layer 2 links in a larger security ecosystem for ethernet LAN. In MACsec, packets flow over unidirectional secure channels (SC), which are supported by secure associations (SA). The secure associations each use a separate, randomly generated key.
Figure 1. Ethernet LAN with Number of Channels

As shown in the figure above, each node has at least one unidirectional secure channel (transmitter to receiver). Each secure channel is associated with an identifier called Secure Channel Identifier (SCI). Each node, which expects to receive the traffic sent through a particular transmit secure channel, must be configured with a matching receive secure channel. This receive secure channel must have an SCI corresponding to the SCI of the transmit secure channel of the peer. Control logic that maintains the key look-up tables stores the keys based on SCI. If the incoming packet does not have the optional SCI field, then the receiver MACsec frame uses a local SCI with the received destination MAC address along with a fixed port number.

Within each secure channel (both transmit and receive) secure associations are defined. Each secure association has a corresponding Secure Association Key and is identified by the Association Number (AN) field of the SecTAG header. Secure associations have a limited duration, hence both sides need to establish a new secure association and switch to it once the old one expires. This is called key rotation. MACsec 802.1AE protocol does not cover the key exchange between a key server within the LAN and any key client. There is another standard defined for this called "IEEE 802.1X for port-based network access control".

The figure above also indicates that on a receive node, a host (Host 4 in this example) can have multiple secure channels as the number of transmit nodes which can communicate with it (for ease of understanding, consider a dummy switch in between). This ensures that Host 3 would not be able to decrypt the communication between Host 1 and Host 4. Similarly Host 1 can’t decrypt the communication between Host 4 and Host 2 because of their secure channel number differentiation.
Figure 2. An Ethernet Frame Before and After MACsec Processing and Encryption

A MACsec packet starts with an Ethernet header with an EtherType of 0x88E5. This is followed by the MACsec SecTAG, which contains information that helps the receiver identify the decryption key, as well as a packet number (for replay protection). Within each secure association, replay protection can be performed by checking the Packet Number field of the SecTAG header against the packet number locally incremented. For strict reception ordering and replay protection, the replay protection window is to set to 0. A non-zero replay window is necessary to support the use of MACsec over provider networks that reorder frames. Frames within the window can be received out of order. Each MACsec packet has a unique sequential packet number and each packet number can only be used once in a given secure association. A secure association retires once the packet number reaches the maximum possible or programmed value.

After the SecTAG comes the payload, which can be encrypted, and the ICV (Integrity Check Value), which is compared against a re-generated one by the crypto algorithm being used to guarantee that the packet is indeed created by a node which is in possession of the key and has not been modified on the way.
Figure 3. Top Level Block Diagram of Reference Design

The MACsec system level example design provides you with a starting point for your application development. It can help accelerate your design cycle and enable you to invest your resources to add unique value to your product. Currently, only the MACsec IP is released in Quartus without any integrated MACsec software. When using the stand-alone MACsec IP, you need to integrate it with your own MACsec software for both the data path and control path to make your solution functional.

This design demonstrates the key integrated components of Intel Agilex 7 FPGA F-Series and I-Series which supports IPs such as PCIe Endpoint HIP, MCDMA, Crypto HIP, MACsec and Ethernet MAC HIP. It presents the example of an inline MACsec function between two host systems on a LAN connected through the QSFP link with Ethernet MACs configured to support 25G or 100G. The whole system is arranged in a single development kit (DevKit) which supports multiple MAC and MACsec IPs. A Host machine connected through the PCIe interface is configured as two Virtual Machines (VMs) tied to two PCIe PFs (physical functions), each driving the data and control paths independently. Software running on the host machines also enables CLI (Command Line Interface) for any user-specific testing.