[RFC net-next v2 0/5] Add MACsec support for TJA11XX C45 PHYs

From: Radu Pirea (NXP OSS)
Date: Thu Aug 24 2023 - 05:17:40 EST


This is the MACsec support for TJA11XX PHYs. The MACsec block encrypts
the ethernet frames on the fly and has no buffering. This operation will
grow the frames by 32 bytes. If the frames are sent back to back, the
MACsec block will not have enough room to insert the SecTAG and the ICV
and the frames will be dropped.

To mitigate this, the PHY can parse a specific ethertype with some
padding bytes and replace them with the SecTAG and ICV. These padding
bytes might be dummy or might contain information about TX SC that must
be used to encrypt the frame.

On the RX path, the PHY can insert a similar tag that contains
information about the RX SC which received the frame. However, the RX tag
is not enabled in this patch series, but I consider this important for the
review.

Radu P.

Changes in v2:
- added documentation
- reordered and split patches
- WARN_ON_ONCE if reg address is not properly aligned
- removed unnecesary checks in insert_tx_tag
- adjusted mdo_insert_tx_tag parameters. macsec_context replaced with
phy_device and sk_buff
- added extscs parameter to allow the user to choose the TX SC selection
mechanism
- improved patches description

Radu Pirea (NXP OSS) (5):
net: macsec: documentation for macsec_context and macsec_ops
net: macsec: introduce mdo_insert_tx_tag
net: phy: nxp-c45-tja11xx add MACsec support
net: phy: nxp-c45-tja11xx: add MACsec statistics
net: phy: nxp-c45-tja11xx: implement mdo_insert_tx_tag

MAINTAINERS | 2 +-
drivers/net/macsec.c | 96 +-
drivers/net/phy/Kconfig | 2 +-
drivers/net/phy/Makefile | 4 +
drivers/net/phy/nxp-c45-tja11xx-macsec.c | 1877 ++++++++++++++++++++++
drivers/net/phy/nxp-c45-tja11xx.c | 72 +-
drivers/net/phy/nxp-c45-tja11xx.h | 55 +
include/net/macsec.h | 46 +
8 files changed, 2122 insertions(+), 32 deletions(-)
create mode 100644 drivers/net/phy/nxp-c45-tja11xx-macsec.c
create mode 100644 drivers/net/phy/nxp-c45-tja11xx.h

--
2.34.1