This code implements three well known security protocols and handshakes on Zephyr RTOS:
- MACsec + MKA
- IPsec + IKEv2
- TLS 1.3 The software was developed on the S32K148 automotive development board with Zephyr Version 4.1 During the development, the board was in "pull request" state - now adopted officially into Zephyr project.
The implementation is for evaluation pourposes only and is not implemented securely (No TRNG, memory safety, ...)
MACsec implementation is a strongly reduced implementation of the officially specified protocol, but compatible with the Linux Kernel Module.
MKA is ported from MKA Daemon for Linux by technica engineering.
IPsec + IKEv2 as well as TLS is used from Oryx Embedded (CycloneIPSEC, CycloneSSL)
All crypto primitives / cipher suites are used from Oryx Embedded Cyclone Crypto.
Some glue code as well as changes to Cyclones Code was performed in order to guarantee compatibility with Zepyhr.
In order to integrate MACsec and IPsec into the Zephyr network stack, three patches were necessary:
- MACsec is applied directly in the NXP ENET MAC driver
- IPsec is implemented directly in the Zephyr Ethernet driver
- Hardware accelerated Checksum calculation in NXP needs to be deactivated
This code contains two main parts:
- The main application code - built like a regular Zephyr application directory
- Zepyhr Patches: Necessary changes to the Zephyr Kernel Code
The Patches are applied on the following files:
- ENET MAC Driver (MACsec): drivers -> ethernet -> nxp_enet -> eth_nxp_enet.c
- CS HW Acceleration (MACsec): zephyrproject -> modules -> hal -> nxp -> mcux -> mcux-sdk -> drivers -> enet -> fsl_enet.h
- Zephyr Ethernet Driver (IPsec): subsys -> net -> l2 -> ethernet -> ethernet.c