NIAP: View Technical Decision Details
Archived TD0553:  FCS_MACSEC_EXT.1.4 and MAC control frames

Publication Date
2020.12.18

Protection Profiles
PP_NDCPP_MACSEC_EP_V1.2

Other References
FCS_MACSEC_EXT.1.4

Issue Description

In the Extended Package for MACsec Ethernet Encryption Version 1.2 (PP_NDCPP_MACSEC_EP_V1.2), SFR FCS_MACSEC_EXT.1.4 states that the TSF shall permit only EAPOL (PAE EtherType 88-8E) and MACsec frames (EtherType 88-E5). However, Section 6.10 of the referenced standard, IEEE 802.1AE-2006, states that MAC control frames (EtherType 88-08) are not guaranteed, i.e. they are transmitted without being protected inside MACsec frames. This would imply that frames with EtherType 88-08 are to be permitted by the TSF.

Resolution

FCS_MACSEC_EXT.1.4 is modified as follows, with underlines indicating the modified text:

FCS_MACSEC_EXT.1.4 The TSF shall permit only EAPOL (PAE EtherType 88-8E), MACsec frames (EtherType 88-E5), and MAC control frames (EtherType is 88-08) and shall discard others.

Assurance Activity

TSS

The evaluator shall examine the TSS to verify that it describes the ability of the TSF to implement MACsec in accordance with IEEE 802.1AE-2006. The evaluator shall also determine that the TSS describes the ability of the TSF to derive SCI values from peer MAC address and port data and to reject traffic that does not have a valid SCI. Finally, the evaluator shall check the TSS for an assertion that only EAPOL, MACsec Ethernet frames, and MAC control frames are accepted by the MACsec interface.

AGD

There are no guidance activities for this SFR.

Test

The evaluator shall perform the following tests:

Test 1: The evaluator shall successfully establish a MACsec channel between the TOE and a MACsec-capable peer in the Operational Environment and verify that the TSF logs the communications. The evaluator shall capture the traffic between the TOE and the Operational Environment to determine the SCI that the TOE uses to identify the peer. The evaluator shall then configure a test system to capture traffic between the peer and the TOE to modify the SCI that is used to identify the peer. The evaluator then verifies that the TOE does not reply to this traffic and logs that the traffic was discarded.

 

Test 2: The evaluator shall send Ethernet traffic to the TOE’s MAC address that iterates through the full range of supported EtherType values (refer to http://standards.ieee.org/develop/regauth/ethertype/eth.txt) and observe that traffic for all EtherType values is discarded by the TOE except for the traffic which has an EtherType value of 88-8E, 88-E5 or 88-08. Note that there are a large number of EtherType values, so the evaluator is encouraged to execute a script that automatically iterates through each value.
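An example of the kind of script Test 2 encourages, added here and not part of the NIAP text: it builds one untagged frame per EtherType value, models the modified FCS_MACSEC_EXT.1.4 filter to give the expected verdict, and compares that with the verdicts the evaluator recorded for the TOE. The range 0x0600 to 0xFFFF, the MAC addresses, the interface name and all function names are assumptions; sending uses Linux AF_PACKET and needs root.

```python
import socket
import struct

# EtherTypes the modified FCS_MACSEC_EXT.1.4 permits; everything else is discarded.
PERMITTED = {0x888E: "EAPOL", 0x88E5: "MACsec", 0x8808: "MAC control"}

# Constructed, locally administered MAC addresses (assumptions, not from the TD).
TOE_MAC = bytes.fromhex("020000000001")
TESTER_MAC = bytes.fromhex("020000000002")

def build_frame(dst, src, ethertype, payload=b""):
    """Untagged Ethernet II frame without FCS, padded to the 60-byte minimum."""
    header = dst + src + struct.pack("!H", ethertype)
    return (header + payload).ljust(60, b"\x00")

def expected_verdict(frame):
    """Reference model of the filter: 'permit' or 'discard' for one frame."""
    if len(frame) < 14:          # too short to carry an EtherType field
        return "discard"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return "permit" if ethertype in PERMITTED else "discard"

def build_plan(dst=TOE_MAC, src=TESTER_MAC, first=0x0600, last=0xFFFF):
    """One (ethertype, frame, expected verdict) tuple per EtherType value.
    Values below 0x0600 are 802.3 length fields, so the range starts there."""
    plan = []
    for ethertype in range(first, last + 1):
        frame = build_frame(dst, src, ethertype)
        plan.append((ethertype, frame, expected_verdict(frame)))
    return plan

def send_plan(ifname, plan):
    """Transmit every frame on `ifname` (Linux AF_PACKET, requires root)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((ifname, 0))
        for _, frame, _ in plan:
            s.send(frame)

def mismatches(plan, observed):
    """EtherTypes where the verdict the evaluator recorded for the TOE
    (dict: ethertype -> 'permit'/'discard') differs from the expected one."""
    return sorted(et for et, _, exp in plan if observed.get(et) != exp)

if __name__ == "__main__":
    plan = build_plan()
    print("permitted:", [hex(et) for et, _, v in plan if v == "permit"])
    # Constructed result set: a TOE that wrongly accepts IPv4 (0x0800).
    observed = {et: v for et, _, v in plan}
    observed[0x0800] = "permit"
    print("failures:", [hex(et) for et in mismatches(plan, observed)])
```

An EtherType missing from the recorded verdicts is reported as a mismatch, so gaps in the capture show up as failures rather than passing silently.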

Justification

See issue description.

 
 