xref: /freebsd/contrib/wpa/src/pae/ieee802_1x_kay.c (revision 93e779a26c651610ac6e7986d67ecc9ed2cadcbf)
1 /*
2  * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
3  * Copyright (c) 2013, Qualcomm Atheros, Inc.
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include <time.h>
10 #include "includes.h"
11 #include "common.h"
12 #include "list.h"
13 #include "eloop.h"
14 #include "wpabuf.h"
15 #include "state_machine.h"
16 #include "l2_packet/l2_packet.h"
17 #include "common/eapol_common.h"
18 #include "crypto/aes_wrap.h"
19 #include "ieee802_1x_cp.h"
20 #include "ieee802_1x_key.h"
21 #include "ieee802_1x_kay.h"
22 #include "ieee802_1x_kay_i.h"
23 #include "ieee802_1x_secy_ops.h"
24 
25 
26 #define DEFAULT_SA_KEY_LEN	16
27 #define DEFAULT_ICV_LEN		16
28 #define MAX_ICV_LEN		32  /* 32 bytes, 256 bits */
29 
30 #define PENDING_PN_EXHAUSTION 0xC0000000
31 
32 /* IEEE Std 802.1X-2010, Table 9-1 - MKA Algorithm Agility */
33 #define MKA_ALGO_AGILITY_2009 { 0x00, 0x80, 0xC2, 0x01 }
34 static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009;
35 
36 /* IEEE802.1AE-2006 Table 14-1 MACsec Cipher Suites */
37 static struct macsec_ciphersuite cipher_suite_tbl[] = {
38 	/* GCM-AES-128 */
39 	{
40 		CS_ID_GCM_AES_128,
41 		CS_NAME_GCM_AES_128,
42 		MACSEC_CAP_INTEG_AND_CONF_0_30_50,
43 		16,
44 
45 		0 /* index */
46 	},
47 };
48 #define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
49 #define DEFAULT_CS_INDEX  0
50 
51 static struct mka_alg mka_alg_tbl[] = {
52 	{
53 		MKA_ALGO_AGILITY_2009,
54 		/* 128-bit CAK, KEK, ICK, ICV */
55 		16, 16,	16, 16,
56 		ieee802_1x_cak_128bits_aes_cmac,
57 		ieee802_1x_ckn_128bits_aes_cmac,
58 		ieee802_1x_kek_128bits_aes_cmac,
59 		ieee802_1x_ick_128bits_aes_cmac,
60 		ieee802_1x_icv_128bits_aes_cmac,
61 
62 		1, /* index */
63 	},
64 };
65 #define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
66 
67 
68 static int is_ki_equal(struct ieee802_1x_mka_ki *ki1,
69 		       struct ieee802_1x_mka_ki *ki2)
70 {
71 	return os_memcmp(ki1->mi, ki2->mi, MI_LEN) == 0 &&
72 		ki1->kn == ki2->kn;
73 }
74 
75 
76 struct mka_param_body_handler {
77 	int (*body_tx)(struct ieee802_1x_mka_participant *participant,
78 		       struct wpabuf *buf);
79 	int (*body_rx)(struct ieee802_1x_mka_participant *participant,
80 		       const u8 *mka_msg, size_t msg_len);
81 	int (*body_length)(struct ieee802_1x_mka_participant *participant);
82 	Boolean (*body_present)(struct ieee802_1x_mka_participant *participant);
83 };
84 
85 
86 static void set_mka_param_body_len(void *body, unsigned int len)
87 {
88 	struct ieee802_1x_mka_hdr *hdr = body;
89 	hdr->length = (len >> 8) & 0x0f;
90 	hdr->length1 = len & 0xff;
91 }
92 
93 
94 static unsigned int get_mka_param_body_len(const void *body)
95 {
96 	const struct ieee802_1x_mka_hdr *hdr = body;
97 	return (hdr->length << 8) | hdr->length1;
98 }
99 
100 
101 static int get_mka_param_body_type(const void *body)
102 {
103 	const struct ieee802_1x_mka_hdr *hdr = body;
104 	return hdr->type;
105 }
106 
107 
108 /**
109  * ieee802_1x_mka_dump_basic_body -
110  */
111 static void
112 ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body)
113 {
114 	size_t body_len;
115 
116 	if (!body)
117 		return;
118 
119 	body_len = get_mka_param_body_len(body);
120 	wpa_printf(MSG_DEBUG, "*** MKA Basic Parameter set ***");
121 	wpa_printf(MSG_DEBUG, "\tVersion.......: %d", body->version);
122 	wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority);
123 	wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
124 	wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
125 	wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capbility);
126 	wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
127 	wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
128 		   MAC2STR(body->actor_sci.addr));
129 	wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d",
130 		   be_to_host16(body->actor_sci.port));
131 	wpa_hexdump(MSG_DEBUG, "\tMember Id.....:",
132 		    body->actor_mi, sizeof(body->actor_mi));
133 	wpa_printf(MSG_DEBUG, "\tMessage Number: %d",
134 		   be_to_host32(body->actor_mn));
135 	wpa_hexdump(MSG_DEBUG, "\tAlgo Agility..:",
136 		    body->algo_agility, sizeof(body->algo_agility));
137 	wpa_hexdump_ascii(MSG_DEBUG, "\tCAK Name......:", body->ckn,
138 			  body_len + MKA_HDR_LEN - sizeof(*body));
139 }
140 
141 
142 /**
143  * ieee802_1x_mka_dump_peer_body -
144  */
145 static void
146 ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
147 {
148 	size_t body_len;
149 	size_t i;
150 	u8 *mi;
151 	u32 mn;
152 
153 	if (body == NULL)
154 		return;
155 
156 	body_len = get_mka_param_body_len(body);
157 	if (body->type == MKA_LIVE_PEER_LIST) {
158 		wpa_printf(MSG_DEBUG, "*** Live Peer List ***");
159 		wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
160 	} else if (body->type == MKA_POTENTIAL_PEER_LIST) {
161 		wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***");
162 		wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
163 	}
164 
165 	for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) {
166 		mi = body->peer + i;
167 		os_memcpy(&mn, mi + MI_LEN, sizeof(mn));
168 		wpa_hexdump_ascii(MSG_DEBUG, "\tMember Id.....:", mi, MI_LEN);
169 		wpa_printf(MSG_DEBUG, "\tMessage Number: %d", be_to_host32(mn));
170 	}
171 }
172 
173 
174 /**
175  * ieee802_1x_mka_dump_dist_sak_body -
176  */
177 static void
178 ieee802_1x_mka_dump_dist_sak_body(struct ieee802_1x_mka_dist_sak_body *body)
179 {
180 	size_t body_len;
181 
182 	if (body == NULL)
183 		return;
184 
185 	body_len = get_mka_param_body_len(body);
186 	wpa_printf(MSG_INFO, "*** Distributed SAK ***");
187 	wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan);
188 	wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d",
189 		   body->confid_offset);
190 	wpa_printf(MSG_INFO, "\tBody Length...........: %d", (int) body_len);
191 	if (!body_len)
192 		return;
193 
194 	wpa_printf(MSG_INFO, "\tKey Number............: %d",
195 		   be_to_host32(body->kn));
196 	wpa_hexdump(MSG_INFO, "\tAES Key Wrap of SAK...:", body->sak, 24);
197 }
198 
199 
200 static const char * yes_no(int val)
201 {
202 	return val ? "Yes" : "No";
203 }
204 
205 
206 /**
207  * ieee802_1x_mka_dump_sak_use_body -
208  */
209 static void
210 ieee802_1x_mka_dump_sak_use_body(struct ieee802_1x_mka_sak_use_body *body)
211 {
212 	int body_len;
213 
214 	if (body == NULL)
215 		return;
216 
217 	body_len = get_mka_param_body_len(body);
218 	wpa_printf(MSG_DEBUG, "*** MACsec SAK Use ***");
219 	wpa_printf(MSG_DEBUG, "\tLatest Key AN....: %d", body->lan);
220 	wpa_printf(MSG_DEBUG, "\tLatest Key Tx....: %s", yes_no(body->ltx));
221 	wpa_printf(MSG_DEBUG, "\tLatest Key Rx....: %s", yes_no(body->lrx));
222 	wpa_printf(MSG_DEBUG, "\tOld Key AN....: %d", body->oan);
223 	wpa_printf(MSG_DEBUG, "\tOld Key Tx....: %s", yes_no(body->otx));
224 	wpa_printf(MSG_DEBUG, "\tOld Key Rx....: %s", yes_no(body->orx));
225 	wpa_printf(MSG_DEBUG, "\tPlain Key Tx....: %s", yes_no(body->ptx));
226 	wpa_printf(MSG_DEBUG, "\tPlain Key Rx....: %s", yes_no(body->prx));
227 	wpa_printf(MSG_DEBUG, "\tDelay Protect....: %s",
228 		   yes_no(body->delay_protect));
229 	wpa_printf(MSG_DEBUG, "\tBody Length......: %d", body_len);
230 	if (!body_len)
231 		return;
232 
233 	wpa_hexdump(MSG_DEBUG, "\tKey Server MI....:",
234 		    body->lsrv_mi, sizeof(body->lsrv_mi));
235 	wpa_printf(MSG_DEBUG, "\tKey Number.......: %u",
236 		   be_to_host32(body->lkn));
237 	wpa_printf(MSG_DEBUG, "\tLowest PN........: %u",
238 		   be_to_host32(body->llpn));
239 	wpa_hexdump_ascii(MSG_DEBUG, "\tOld Key Server MI....:",
240 			  body->osrv_mi, sizeof(body->osrv_mi));
241 	wpa_printf(MSG_DEBUG, "\tOld Key Number.......: %u",
242 		   be_to_host32(body->okn));
243 	wpa_printf(MSG_DEBUG, "\tOld Lowest PN........: %u",
244 		   be_to_host32(body->olpn));
245 }
246 
247 
248 /**
249  * ieee802_1x_kay_get_participant -
250  */
251 static struct ieee802_1x_mka_participant *
252 ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn)
253 {
254 	struct ieee802_1x_mka_participant *participant;
255 
256 	dl_list_for_each(participant, &kay->participant_list,
257 			 struct ieee802_1x_mka_participant, list) {
258 		if (os_memcmp(participant->ckn.name, ckn,
259 			      participant->ckn.len) == 0)
260 			return participant;
261 	}
262 
263 	wpa_printf(MSG_DEBUG, "KaY: participant is not found");
264 
265 	return NULL;
266 }
267 
268 
269 /**
270  * ieee802_1x_kay_get_principal_participant -
271  */
272 static struct ieee802_1x_mka_participant *
273 ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
274 {
275 	struct ieee802_1x_mka_participant *participant;
276 
277 	dl_list_for_each(participant, &kay->participant_list,
278 			 struct ieee802_1x_mka_participant, list) {
279 		if (participant->principal)
280 			return participant;
281 	}
282 
283 	wpa_printf(MSG_DEBUG, "KaY: principal participant is not founded");
284 	return NULL;
285 }
286 
287 
288 static struct ieee802_1x_kay_peer * get_peer_mi(struct dl_list *peers,
289 						const u8 *mi)
290 {
291 	struct ieee802_1x_kay_peer *peer;
292 
293 	dl_list_for_each(peer, peers, struct ieee802_1x_kay_peer, list) {
294 		if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
295 			return peer;
296 	}
297 
298 	return NULL;
299 }
300 
301 
302 /**
303  * ieee802_1x_kay_is_in_potential_peer
304  */
305 static Boolean
306 ieee802_1x_kay_is_in_potential_peer(
307 	struct ieee802_1x_mka_participant *participant, const u8 *mi)
308 {
309 	return get_peer_mi(&participant->potential_peers, mi) != NULL;
310 }
311 
312 
313 /**
314  * ieee802_1x_kay_is_in_live_peer
315  */
316 static Boolean
317 ieee802_1x_kay_is_in_live_peer(
318 	struct ieee802_1x_mka_participant *participant, const u8 *mi)
319 {
320 	return get_peer_mi(&participant->live_peers, mi) != NULL;
321 }
322 
323 
324 /**
325  * ieee802_1x_kay_is_in_peer
326  */
327 static Boolean
328 ieee802_1x_kay_is_in_peer(struct ieee802_1x_mka_participant *participant,
329 			  const u8 *mi)
330 {
331 	return ieee802_1x_kay_is_in_live_peer(participant, mi) ||
332 		ieee802_1x_kay_is_in_potential_peer(participant, mi);
333 }
334 
335 
336 /**
337  * ieee802_1x_kay_get_peer
338  */
339 static struct ieee802_1x_kay_peer *
340 ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
341 			const u8 *mi)
342 {
343 	struct ieee802_1x_kay_peer *peer;
344 
345 	peer = get_peer_mi(&participant->live_peers, mi);
346 	if (peer)
347 		return peer;
348 
349 	return get_peer_mi(&participant->potential_peers, mi);
350 }
351 
352 
353 /**
354  * ieee802_1x_kay_get_live_peer
355  */
356 static struct ieee802_1x_kay_peer *
357 ieee802_1x_kay_get_live_peer(struct ieee802_1x_mka_participant *participant,
358 			     const u8 *mi)
359 {
360 	return get_peer_mi(&participant->live_peers, mi);
361 }
362 
363 
364 /**
365  * ieee802_1x_kay_get_cipher_suite
366  */
367 static struct macsec_ciphersuite *
368 ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
369 				u8 *cs_id)
370 {
371 	unsigned int i;
372 
373 	for (i = 0; i < CS_TABLE_SIZE; i++) {
374 		if (os_memcmp(cipher_suite_tbl[i].id, cs_id, CS_ID_LEN) == 0)
375 			break;
376 	}
377 	if (i >= CS_TABLE_SIZE)
378 		return NULL;
379 
380 	return &cipher_suite_tbl[i];
381 }
382 
383 
384 /**
385  * ieee802_1x_kay_get_peer_sci
386  */
387 static struct ieee802_1x_kay_peer *
388 ieee802_1x_kay_get_peer_sci(struct ieee802_1x_mka_participant *participant,
389 			    const struct ieee802_1x_mka_sci *sci)
390 {
391 	struct ieee802_1x_kay_peer *peer;
392 
393 	dl_list_for_each(peer, &participant->live_peers,
394 			 struct ieee802_1x_kay_peer, list) {
395 		if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
396 			return peer;
397 	}
398 
399 	dl_list_for_each(peer, &participant->potential_peers,
400 			 struct ieee802_1x_kay_peer, list) {
401 		if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
402 			return peer;
403 	}
404 
405 	return NULL;
406 }
407 
408 
409 /**
410  * ieee802_1x_kay_init_receive_sa -
411  */
412 static struct receive_sa *
413 ieee802_1x_kay_init_receive_sa(struct receive_sc *psc, u8 an, u32 lowest_pn,
414 			       struct data_key *key)
415 {
416 	struct receive_sa *psa;
417 
418 	if (!psc || !key)
419 		return NULL;
420 
421 	psa = os_zalloc(sizeof(*psa));
422 	if (!psa) {
423 		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
424 		return NULL;
425 	}
426 
427 	psa->pkey = key;
428 	psa->lowest_pn = lowest_pn;
429 	psa->next_pn = lowest_pn;
430 	psa->an = an;
431 	psa->sc = psc;
432 
433 	os_get_time(&psa->created_time);
434 	psa->in_use = FALSE;
435 
436 	dl_list_add(&psc->sa_list, &psa->list);
437 	wpa_printf(MSG_DEBUG,
438 		   "KaY: Create receive SA(AN: %d lowest_pn: %u of SC(channel: %d)",
439 		   (int) an, lowest_pn, psc->channel);
440 
441 	return psa;
442 }
443 
444 
445 /**
446  * ieee802_1x_kay_deinit_receive_sa -
447  */
448 static void ieee802_1x_kay_deinit_receive_sa(struct receive_sa *psa)
449 {
450 	psa->pkey = NULL;
451 	wpa_printf(MSG_DEBUG,
452 		   "KaY: Delete receive SA(an: %d) of SC(channel: %d)",
453 		   psa->an, psa->sc->channel);
454 	dl_list_del(&psa->list);
455 	os_free(psa);
456 }
457 
458 
459 /**
460  * ieee802_1x_kay_init_receive_sc -
461  */
462 static struct receive_sc *
463 ieee802_1x_kay_init_receive_sc(const struct ieee802_1x_mka_sci *psci,
464 			       int channel)
465 {
466 	struct receive_sc *psc;
467 
468 	if (!psci)
469 		return NULL;
470 
471 	psc = os_zalloc(sizeof(*psc));
472 	if (!psc) {
473 		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
474 		return NULL;
475 	}
476 
477 	os_memcpy(&psc->sci, psci, sizeof(psc->sci));
478 	psc->channel = channel;
479 
480 	os_get_time(&psc->created_time);
481 	psc->receiving = FALSE;
482 
483 	dl_list_init(&psc->sa_list);
484 	wpa_printf(MSG_DEBUG, "KaY: Create receive SC(channel: %d)", channel);
485 	wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)psci, sizeof(*psci));
486 
487 	return psc;
488 }
489 
490 
491 /**
492  * ieee802_1x_kay_deinit_receive_sc -
493  **/
494 static void
495 ieee802_1x_kay_deinit_receive_sc(
496 	struct ieee802_1x_mka_participant *participant, struct receive_sc *psc)
497 {
498 	struct receive_sa *psa, *pre_sa;
499 
500 	wpa_printf(MSG_DEBUG, "KaY: Delete receive SC(channel: %d)",
501 		   psc->channel);
502 	dl_list_for_each_safe(psa, pre_sa, &psc->sa_list, struct receive_sa,
503 			      list)  {
504 		secy_disable_receive_sa(participant->kay, psa);
505 		ieee802_1x_kay_deinit_receive_sa(psa);
506 	}
507 	dl_list_del(&psc->list);
508 	os_free(psc);
509 }
510 
511 
512 /**
513  * ieee802_1x_kay_create_live_peer
514  */
515 static struct ieee802_1x_kay_peer *
516 ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
517 				u8 *mi, u32 mn)
518 {
519 	struct ieee802_1x_kay_peer *peer;
520 	struct receive_sc *rxsc;
521 	u32 sc_ch = 0;
522 
523 	peer = os_zalloc(sizeof(*peer));
524 	if (peer == NULL) {
525 		wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
526 		return NULL;
527 	}
528 
529 	os_memcpy(peer->mi, mi, MI_LEN);
530 	peer->mn = mn;
531 	peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
532 	peer->sak_used = FALSE;
533 	os_memcpy(&peer->sci, &participant->current_peer_sci,
534 		  sizeof(peer->sci));
535 	dl_list_add(&participant->live_peers, &peer->list);
536 
537 	secy_get_available_receive_sc(participant->kay, &sc_ch);
538 
539 	rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
540 	if (!rxsc)
541 		return NULL;
542 
543 	dl_list_add(&participant->rxsc_list, &rxsc->list);
544 	secy_create_receive_sc(participant->kay, rxsc);
545 
546 	wpa_printf(MSG_DEBUG, "KaY: Live peer created");
547 	wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
548 	wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
549 	wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
550 	wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
551 
552 	return peer;
553 }
554 
555 
556 /**
557  * ieee802_1x_kay_create_potential_peer
558  */
559 static struct ieee802_1x_kay_peer *
560 ieee802_1x_kay_create_potential_peer(
561 	struct ieee802_1x_mka_participant *participant, const u8 *mi, u32 mn)
562 {
563 	struct ieee802_1x_kay_peer *peer;
564 
565 	peer = os_zalloc(sizeof(*peer));
566 	if (peer == NULL) {
567 		wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
568 		return NULL;
569 	}
570 
571 	os_memcpy(peer->mi, mi, MI_LEN);
572 	peer->mn = mn;
573 	peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
574 	peer->sak_used = FALSE;
575 
576 	dl_list_add(&participant->potential_peers, &peer->list);
577 
578 	wpa_printf(MSG_DEBUG, "KaY: potential peer created");
579 	wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
580 	wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
581 	wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
582 	wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
583 
584 	return peer;
585 }
586 
587 
588 /**
589  * ieee802_1x_kay_move_live_peer
590  */
591 static struct ieee802_1x_kay_peer *
592 ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
593 			      u8 *mi, u32 mn)
594 {
595 	struct ieee802_1x_kay_peer *peer;
596 	struct receive_sc *rxsc;
597 	u32 sc_ch = 0;
598 
599 	dl_list_for_each(peer, &participant->potential_peers,
600 			 struct ieee802_1x_kay_peer, list) {
601 		if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
602 			break;
603 	}
604 
605 	os_memcpy(&peer->sci, &participant->current_peer_sci,
606 		  sizeof(peer->sci));
607 	peer->mn = mn;
608 	peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
609 
610 	wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer");
611 	wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
612 	wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
613 	wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
614 	wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
615 
616 	dl_list_del(&peer->list);
617 	dl_list_add_tail(&participant->live_peers, &peer->list);
618 
619 	secy_get_available_receive_sc(participant->kay, &sc_ch);
620 
621 	rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
622 	if (!rxsc)
623 		return NULL;
624 
625 	dl_list_add(&participant->rxsc_list, &rxsc->list);
626 	secy_create_receive_sc(participant->kay, rxsc);
627 
628 	return peer;
629 }
630 
631 
632 
633 /**
634  *  ieee802_1x_mka_basic_body_present -
635  */
636 static Boolean
637 ieee802_1x_mka_basic_body_present(
638 	struct ieee802_1x_mka_participant *participant)
639 {
640 	return TRUE;
641 }
642 
643 
644 /**
645  * ieee802_1x_mka_basic_body_length -
646  */
647 static int
648 ieee802_1x_mka_basic_body_length(struct ieee802_1x_mka_participant *participant)
649 {
650 	int length;
651 
652 	length = sizeof(struct ieee802_1x_mka_basic_body);
653 	length += participant->ckn.len;
654 	return (length + 0x3) & ~0x3;
655 }
656 
657 
658 /**
659  * ieee802_1x_mka_encode_basic_body
660  */
661 static int
662 ieee802_1x_mka_encode_basic_body(
663 	struct ieee802_1x_mka_participant *participant,
664 	struct wpabuf *buf)
665 {
666 	struct ieee802_1x_mka_basic_body *body;
667 	struct ieee802_1x_kay *kay = participant->kay;
668 	unsigned int length = ieee802_1x_mka_basic_body_length(participant);
669 
670 	body = wpabuf_put(buf, length);
671 
672 	body->version = kay->mka_version;
673 	body->priority = kay->actor_priority;
674 	if (participant->is_elected)
675 		body->key_server = participant->is_key_server;
676 	else
677 		body->key_server = participant->can_be_key_server;
678 
679 	body->macsec_desired = kay->macsec_desired;
680 	body->macsec_capbility = kay->macsec_capable;
681 	set_mka_param_body_len(body, length - MKA_HDR_LEN);
682 
683 	os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
684 		  sizeof(kay->actor_sci.addr));
685 	body->actor_sci.port = host_to_be16(kay->actor_sci.port);
686 
687 	os_memcpy(body->actor_mi, participant->mi, sizeof(body->actor_mi));
688 	participant->mn = participant->mn + 1;
689 	body->actor_mn = host_to_be32(participant->mn);
690 	os_memcpy(body->algo_agility, participant->kay->algo_agility,
691 		  sizeof(body->algo_agility));
692 
693 	os_memcpy(body->ckn, participant->ckn.name, participant->ckn.len);
694 
695 	ieee802_1x_mka_dump_basic_body(body);
696 
697 	return 0;
698 }
699 
700 
701 /**
702  * ieee802_1x_mka_decode_basic_body -
703  */
704 static struct ieee802_1x_mka_participant *
705 ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
706 				 size_t msg_len)
707 {
708 	struct ieee802_1x_mka_participant *participant;
709 	const struct ieee802_1x_mka_basic_body *body;
710 	struct ieee802_1x_kay_peer *peer;
711 
712 	body = (const struct ieee802_1x_mka_basic_body *) mka_msg;
713 
714 	if (body->version > MKA_VERSION_ID) {
715 		wpa_printf(MSG_DEBUG,
716 			   "KaY: peer's version(%d) greater than mka current version(%d)",
717 			   body->version, MKA_VERSION_ID);
718 	}
719 	if (kay->is_obliged_key_server && body->key_server) {
720 		wpa_printf(MSG_DEBUG, "I must be as key server");
721 		return NULL;
722 	}
723 
724 	participant = ieee802_1x_kay_get_participant(kay, body->ckn);
725 	if (!participant) {
726 		wpa_printf(MSG_DEBUG, "Peer is not included in my CA");
727 		return NULL;
728 	}
729 
730 	/* If the peer's MI is my MI, I will choose new MI */
731 	if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
732 		if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
733 			return NULL;
734 		participant->mn = 0;
735 	}
736 
737 	os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN);
738 	participant->current_peer_id.mn =  be_to_host32(body->actor_mn);
739 	os_memcpy(participant->current_peer_sci.addr, body->actor_sci.addr,
740 		  sizeof(participant->current_peer_sci.addr));
741 	participant->current_peer_sci.port = be_to_host16(body->actor_sci.port);
742 
743 	/* handler peer */
744 	peer = ieee802_1x_kay_get_peer(participant, body->actor_mi);
745 	if (!peer) {
746 		/* Check duplicated SCI */
747 		/* TODO: What policy should be applied to detect duplicated SCI
748 		 * is active attacker or a valid peer whose MI is be changed?
749 		 */
750 		peer = ieee802_1x_kay_get_peer_sci(participant,
751 						   &body->actor_sci);
752 		if (peer) {
753 			wpa_printf(MSG_WARNING,
754 				   "KaY: duplicated SCI detected, Maybe active attacker");
755 			dl_list_del(&peer->list);
756 			os_free(peer);
757 		}
758 
759 		peer = ieee802_1x_kay_create_potential_peer(
760 			participant, body->actor_mi,
761 			be_to_host32(body->actor_mn));
762 		if (!peer)
763 			return NULL;
764 
765 		peer->macsec_desired = body->macsec_desired;
766 		peer->macsec_capbility = body->macsec_capbility;
767 		peer->is_key_server = (Boolean) body->key_server;
768 		peer->key_server_priority = body->priority;
769 	} else if (peer->mn < be_to_host32(body->actor_mn)) {
770 		peer->mn = be_to_host32(body->actor_mn);
771 		peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
772 		peer->macsec_desired = body->macsec_desired;
773 		peer->macsec_capbility = body->macsec_capbility;
774 		peer->is_key_server = (Boolean) body->key_server;
775 		peer->key_server_priority = body->priority;
776 	} else {
777 		wpa_printf(MSG_WARNING, "KaY: The peer MN have received");
778 		return NULL;
779 	}
780 
781 	return participant;
782 }
783 
784 
785 /**
786  * ieee802_1x_mka_live_peer_body_present
787  */
788 static Boolean
789 ieee802_1x_mka_live_peer_body_present(
790 	struct ieee802_1x_mka_participant *participant)
791 {
792 	return !dl_list_empty(&participant->live_peers);
793 }
794 
795 
796 /**
797  * ieee802_1x_kay_get_live_peer_length
798  */
799 static int
800 ieee802_1x_mka_get_live_peer_length(
801 	struct ieee802_1x_mka_participant *participant)
802 {
803 	int len = MKA_HDR_LEN;
804 	struct ieee802_1x_kay_peer *peer;
805 
806 	dl_list_for_each(peer, &participant->live_peers,
807 			 struct ieee802_1x_kay_peer, list)
808 		len += sizeof(struct ieee802_1x_mka_peer_id);
809 
810 	return (len + 0x3) & ~0x3;
811 }
812 
813 
814 /**
815  * ieee802_1x_mka_encode_live_peer_body -
816  */
817 static int
818 ieee802_1x_mka_encode_live_peer_body(
819 	struct ieee802_1x_mka_participant *participant,
820 	struct wpabuf *buf)
821 {
822 	struct ieee802_1x_mka_peer_body *body;
823 	struct ieee802_1x_kay_peer *peer;
824 	unsigned int length;
825 	struct ieee802_1x_mka_peer_id *body_peer;
826 
827 	length = ieee802_1x_mka_get_live_peer_length(participant);
828 	body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
829 
830 	body->type = MKA_LIVE_PEER_LIST;
831 	set_mka_param_body_len(body, length - MKA_HDR_LEN);
832 
833 	dl_list_for_each(peer, &participant->live_peers,
834 			 struct ieee802_1x_kay_peer, list) {
835 		body_peer = wpabuf_put(buf,
836 				       sizeof(struct ieee802_1x_mka_peer_id));
837 		os_memcpy(body_peer->mi, peer->mi, MI_LEN);
838 		body_peer->mn = host_to_be32(peer->mn);
839 		body_peer++;
840 	}
841 
842 	ieee802_1x_mka_dump_peer_body(body);
843 	return 0;
844 }
845 
846 /**
847  * ieee802_1x_mka_potential_peer_body_present
848  */
849 static Boolean
850 ieee802_1x_mka_potential_peer_body_present(
851 	struct ieee802_1x_mka_participant *participant)
852 {
853 	return !dl_list_empty(&participant->potential_peers);
854 }
855 
856 
857 /**
858  * ieee802_1x_kay_get_potential_peer_length
859  */
860 static int
861 ieee802_1x_mka_get_potential_peer_length(
862 	struct ieee802_1x_mka_participant *participant)
863 {
864 	int len = MKA_HDR_LEN;
865 	struct ieee802_1x_kay_peer *peer;
866 
867 	dl_list_for_each(peer, &participant->potential_peers,
868 			 struct ieee802_1x_kay_peer, list)
869 		len += sizeof(struct ieee802_1x_mka_peer_id);
870 
871 	return (len + 0x3) & ~0x3;
872 }
873 
874 
875 /**
876  * ieee802_1x_mka_encode_potential_peer_body -
877  */
878 static int
879 ieee802_1x_mka_encode_potential_peer_body(
880 	struct ieee802_1x_mka_participant *participant,
881 	struct wpabuf *buf)
882 {
883 	struct ieee802_1x_mka_peer_body *body;
884 	struct ieee802_1x_kay_peer *peer;
885 	unsigned int length;
886 	struct ieee802_1x_mka_peer_id *body_peer;
887 
888 	length = ieee802_1x_mka_get_potential_peer_length(participant);
889 	body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
890 
891 	body->type = MKA_POTENTIAL_PEER_LIST;
892 	set_mka_param_body_len(body, length - MKA_HDR_LEN);
893 
894 	dl_list_for_each(peer, &participant->potential_peers,
895 			 struct ieee802_1x_kay_peer, list) {
896 		body_peer = wpabuf_put(buf,
897 				       sizeof(struct ieee802_1x_mka_peer_id));
898 		os_memcpy(body_peer->mi, peer->mi, MI_LEN);
899 		body_peer->mn = host_to_be32(peer->mn);
900 		body_peer++;
901 	}
902 
903 	ieee802_1x_mka_dump_peer_body(body);
904 	return 0;
905 }
906 
907 
908 /**
909  * ieee802_1x_mka_i_in_peerlist -
910  */
911 static Boolean
912 ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
913 			     const u8 *mka_msg, size_t msg_len)
914 {
915 	Boolean included = FALSE;
916 	struct ieee802_1x_mka_hdr *hdr;
917 	size_t body_len;
918 	size_t left_len;
919 	int body_type;
920 	u32 peer_mn;
921 	const u8 *peer_mi;
922 	const u8 *pos;
923 	size_t i;
924 
925 	pos = mka_msg;
926 	left_len = msg_len;
927 	while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
928 		hdr = (struct ieee802_1x_mka_hdr *) pos;
929 		body_len = get_mka_param_body_len(hdr);
930 		body_type = get_mka_param_body_type(hdr);
931 
932 		if (body_type != MKA_LIVE_PEER_LIST &&
933 		    body_type != MKA_POTENTIAL_PEER_LIST)
934 			goto SKIP_PEER;
935 
936 		ieee802_1x_mka_dump_peer_body(
937 			(struct ieee802_1x_mka_peer_body *)pos);
938 
939 		if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
940 			wpa_printf(MSG_ERROR,
941 				   "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
942 				   (int) left_len, (int) MKA_HDR_LEN,
943 				   (int) body_len, DEFAULT_ICV_LEN);
944 			goto SKIP_PEER;
945 		}
946 
947 		if ((body_len % 16) != 0) {
948 			wpa_printf(MSG_ERROR,
949 				   "KaY: MKA Peer Packet Body Length (%d bytes) should multiple of 16 octets",
950 				   (int) body_len);
951 			goto SKIP_PEER;
952 		}
953 
954 		for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
955 			peer_mi = MKA_HDR_LEN + pos + i;
956 			os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
957 			peer_mn = be_to_host32(peer_mn);
958 			if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 &&
959 			    peer_mn == participant->mn) {
960 				included = TRUE;
961 				break;
962 			}
963 		}
964 
965 		if (included)
966 			return TRUE;
967 
968 SKIP_PEER:
969 		left_len -= body_len + MKA_HDR_LEN;
970 		pos += body_len + MKA_HDR_LEN;
971 	}
972 
973 	return FALSE;
974 }
975 
976 
977 /**
978  * ieee802_1x_mka_decode_live_peer_body -
979  */
980 static int ieee802_1x_mka_decode_live_peer_body(
981 	struct ieee802_1x_mka_participant *participant,
982 	const u8 *peer_msg, size_t msg_len)
983 {
984 	const struct ieee802_1x_mka_hdr *hdr;
985 	struct ieee802_1x_kay_peer *peer;
986 	size_t body_len;
987 	u32 peer_mn;
988 	const u8 *peer_mi;
989 	size_t i;
990 	Boolean is_included;
991 
992 	is_included = ieee802_1x_kay_is_in_live_peer(
993 		participant, participant->current_peer_id.mi);
994 
995 	hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
996 	body_len = get_mka_param_body_len(hdr);
997 
998 	for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
999 		peer_mi = MKA_HDR_LEN + peer_msg + i;
1000 		os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
1001 		peer_mn = be_to_host32(peer_mn);
1002 
1003 		/* it is myself */
1004 		if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
1005 			/* My message id is used by other participant */
1006 			if (peer_mn > participant->mn) {
1007 				if (os_get_random(participant->mi,
1008 						  sizeof(participant->mi)) < 0)
1009 					wpa_printf(MSG_DEBUG,
1010 						   "KaY: Could not update mi");
1011 				participant->mn = 0;
1012 			}
1013 			continue;
1014 		}
1015 		if (!is_included)
1016 			continue;
1017 
1018 		peer = ieee802_1x_kay_get_peer(participant, peer_mi);
1019 		if (NULL != peer) {
1020 			peer->mn = peer_mn;
1021 			peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
1022 		} else {
1023 			if (!ieee802_1x_kay_create_potential_peer(
1024 				participant, peer_mi, peer_mn)) {
1025 				return -1;
1026 			}
1027 		}
1028 	}
1029 
1030 	return 0;
1031 }
1032 
1033 
1034 /**
1035  * ieee802_1x_mka_decode_potential_peer_body -
1036  */
1037 static int
1038 ieee802_1x_mka_decode_potential_peer_body(
1039 	struct ieee802_1x_mka_participant *participant,
1040 	const u8 *peer_msg, size_t msg_len)
1041 {
1042 	struct ieee802_1x_mka_hdr *hdr;
1043 	size_t body_len;
1044 	u32 peer_mn;
1045 	const u8 *peer_mi;
1046 	size_t i;
1047 
1048 	hdr = (struct ieee802_1x_mka_hdr *) peer_msg;
1049 	body_len = get_mka_param_body_len(hdr);
1050 
1051 	for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
1052 		peer_mi = MKA_HDR_LEN + peer_msg + i;
1053 		os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
1054 		peer_mn = be_to_host32(peer_mn);
1055 
1056 		/* it is myself */
1057 		if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
1058 			/* My message id is used by other participant */
1059 			if (peer_mn > participant->mn) {
1060 				if (os_get_random(participant->mi,
1061 						  sizeof(participant->mi)) < 0)
1062 					wpa_printf(MSG_DEBUG,
1063 						   "KaY: Could not update mi");
1064 				participant->mn = 0;
1065 			}
1066 			continue;
1067 		}
1068 	}
1069 
1070 	return 0;
1071 }
1072 
1073 
1074 /**
1075  * ieee802_1x_mka_sak_use_body_present
1076  */
1077 static Boolean
1078 ieee802_1x_mka_sak_use_body_present(
1079 	struct ieee802_1x_mka_participant *participant)
1080 {
1081 	if (participant->to_use_sak)
1082 		return TRUE;
1083 	else
1084 		return FALSE;
1085 }
1086 
1087 
1088 /**
1089  * ieee802_1x_mka_get_sak_use_length
1090  */
1091 static int
1092 ieee802_1x_mka_get_sak_use_length(
1093 	struct ieee802_1x_mka_participant *participant)
1094 {
1095 	int length = MKA_HDR_LEN;
1096 
1097 	if (participant->kay->macsec_desired && participant->advised_desired)
1098 		length = sizeof(struct ieee802_1x_mka_sak_use_body);
1099 	else
1100 		length = MKA_HDR_LEN;
1101 
1102 	length = (length + 0x3) & ~0x3;
1103 
1104 	return length;
1105 }
1106 
1107 
1108 /**
1109  *
1110  */
1111 static u32
1112 ieee802_1x_mka_get_lpn(struct ieee802_1x_mka_participant *principal,
1113 		       struct ieee802_1x_mka_ki *ki)
1114 {
1115 	struct receive_sa *rxsa;
1116 	struct receive_sc *rxsc;
1117 	u32 lpn = 0;
1118 
1119 	dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
1120 		dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
1121 		{
1122 			if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
1123 				secy_get_receive_lowest_pn(principal->kay,
1124 							   rxsa);
1125 
1126 				lpn = lpn > rxsa->lowest_pn ?
1127 					lpn : rxsa->lowest_pn;
1128 				break;
1129 			}
1130 		}
1131 	}
1132 
1133 	if (lpn == 0)
1134 		lpn = 1;
1135 
1136 	return lpn;
1137 }
1138 
1139 
1140 /**
1141  * ieee802_1x_mka_encode_sak_use_body -
1142  */
1143 static int
1144 ieee802_1x_mka_encode_sak_use_body(
1145 	struct ieee802_1x_mka_participant *participant,
1146 	struct wpabuf *buf)
1147 {
1148 	struct ieee802_1x_mka_sak_use_body *body;
1149 	unsigned int length;
1150 	u32 pn = 1;
1151 
1152 	length = ieee802_1x_mka_get_sak_use_length(participant);
1153 	body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_sak_use_body));
1154 
1155 	body->type = MKA_SAK_USE;
1156 	set_mka_param_body_len(body, length - MKA_HDR_LEN);
1157 
1158 	if (length == MKA_HDR_LEN) {
1159 		body->ptx = TRUE;
1160 		body->prx = TRUE;
1161 		body->lan = 0;
1162 		body->lrx = FALSE;
1163 		body->ltx = FALSE;
1164 		body->delay_protect = FALSE;
1165 		return 0;
1166 	}
1167 
1168 	/* data protect, lowest accept packet number */
1169 	body->delay_protect = participant->kay->macsec_replay_protect;
1170 	pn = ieee802_1x_mka_get_lpn(participant, &participant->lki);
1171 	if (pn > participant->kay->pn_exhaustion) {
1172 		wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion");
1173 		if (participant->is_key_server)
1174 			participant->new_sak = TRUE;
1175 	}
1176 
1177 	body->llpn = host_to_be32(pn);
1178 	pn = ieee802_1x_mka_get_lpn(participant, &participant->oki);
1179 	body->olpn = host_to_be32(pn);
1180 
1181 	/* plain tx, plain rx */
1182 	if (participant->kay->macsec_protect)
1183 		body->ptx = FALSE;
1184 	else
1185 		body->ptx = TRUE;
1186 
1187 	if (participant->kay->macsec_validate == Strict)
1188 		body->prx = FALSE;
1189 	else
1190 		body->prx = TRUE;
1191 
1192 	/* latest key: rx, tx, key server member identifier key number */
1193 	body->lan = participant->lan;
1194 	os_memcpy(body->lsrv_mi, participant->lki.mi,
1195 		  sizeof(body->lsrv_mi));
1196 	body->lkn = host_to_be32(participant->lki.kn);
1197 	body->lrx = participant->lrx;
1198 	body->ltx = participant->ltx;
1199 
1200 	/* old key: rx, tx, key server member identifier key number */
1201 	body->oan = participant->oan;
1202 	if (participant->oki.kn != participant->lki.kn &&
1203 	    participant->oki.kn != 0) {
1204 		body->otx = TRUE;
1205 		body->orx = TRUE;
1206 		os_memcpy(body->osrv_mi, participant->oki.mi,
1207 			  sizeof(body->osrv_mi));
1208 		body->okn = host_to_be32(participant->oki.kn);
1209 	} else {
1210 		body->otx = FALSE;
1211 		body->orx = FALSE;
1212 	}
1213 
1214 	/* set CP's variable */
1215 	if (body->ltx) {
1216 		if (!participant->kay->tx_enable)
1217 			participant->kay->tx_enable = TRUE;
1218 
1219 		if (!participant->kay->port_enable)
1220 			participant->kay->port_enable = TRUE;
1221 	}
1222 	if (body->lrx) {
1223 		if (!participant->kay->rx_enable)
1224 			participant->kay->rx_enable = TRUE;
1225 	}
1226 
1227 	ieee802_1x_mka_dump_sak_use_body(body);
1228 	return 0;
1229 }
1230 
1231 
1232 /**
1233  * ieee802_1x_mka_decode_sak_use_body -
1234  */
1235 static int
1236 ieee802_1x_mka_decode_sak_use_body(
1237 	struct ieee802_1x_mka_participant *participant,
1238 	const u8 *mka_msg, size_t msg_len)
1239 {
1240 	struct ieee802_1x_mka_hdr *hdr;
1241 	struct ieee802_1x_mka_sak_use_body *body;
1242 	struct ieee802_1x_kay_peer *peer;
1243 	struct transmit_sa *txsa;
1244 	struct data_key *sa_key = NULL;
1245 	size_t body_len;
1246 	struct ieee802_1x_mka_ki ki;
1247 	u32 lpn;
1248 	Boolean all_receiving;
1249 	Boolean founded;
1250 
1251 	if (!participant->principal) {
1252 		wpa_printf(MSG_WARNING, "KaY: Participant is not principal");
1253 		return -1;
1254 	}
1255 	peer = ieee802_1x_kay_get_live_peer(participant,
1256 					    participant->current_peer_id.mi);
1257 	if (!peer) {
1258 		wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer");
1259 		return -1;
1260 	}
1261 
1262 	hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1263 	body_len = get_mka_param_body_len(hdr);
1264 	body = (struct ieee802_1x_mka_sak_use_body *) mka_msg;
1265 	ieee802_1x_mka_dump_sak_use_body(body);
1266 
1267 	if ((body_len != 0) && (body_len < 40)) {
1268 		wpa_printf(MSG_ERROR,
1269 			   "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 40, or more octets",
1270 			   (int) body_len);
1271 		return -1;
1272 	}
1273 
1274 	/* TODO: what action should I take when peer does not support MACsec */
1275 	if (body_len == 0) {
1276 		wpa_printf(MSG_WARNING, "KaY: Peer does not support MACsec");
1277 		return 0;
1278 	}
1279 
1280 	/* TODO: when the plain tx or rx of peer is true, should I change
1281 	 * the attribute of controlled port
1282 	 */
1283 	if (body->prx)
1284 		wpa_printf(MSG_WARNING, "KaY: peer's plain rx are TRUE");
1285 
1286 	if (body->ptx)
1287 		wpa_printf(MSG_WARNING, "KaY: peer's plain tx are TRUE");
1288 
1289 	/* check latest key is valid */
1290 	if (body->ltx || body->lrx) {
1291 		founded = FALSE;
1292 		os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
1293 		ki.kn = ntohl(body->lkn);
1294 		dl_list_for_each(sa_key, &participant->sak_list,
1295 				 struct data_key, list) {
1296 			if (is_ki_equal(&sa_key->key_identifier, &ki)) {
1297 				founded = TRUE;
1298 				break;
1299 			}
1300 		}
1301 		if (!founded) {
1302 			wpa_printf(MSG_WARNING, "KaY: Latest key is invalid");
1303 			return -1;
1304 		}
1305 		if (os_memcmp(participant->lki.mi, body->lsrv_mi,
1306 			      sizeof(participant->lki.mi)) == 0 &&
1307 		    ntohl(body->lkn) == participant->lki.kn &&
1308 		    body->lan == participant->lan) {
1309 			peer->sak_used = TRUE;
1310 		}
1311 		if (body->ltx && peer->is_key_server) {
1312 			ieee802_1x_cp_set_servertransmitting(
1313 				participant->kay->cp, TRUE);
1314 			ieee802_1x_cp_sm_step(participant->kay->cp);
1315 		}
1316 	}
1317 
1318 	/* check old key is valid */
1319 	if (body->otx || body->orx) {
1320 		if (os_memcmp(participant->oki.mi, body->osrv_mi,
1321 			      sizeof(participant->oki.mi)) != 0 ||
1322 		    ntohl(body->okn) != participant->oki.kn ||
1323 		    body->oan != participant->oan) {
1324 			wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
1325 			return -1;
1326 		}
1327 	}
1328 
1329 	/* TODO: how to set the MACsec hardware when delay_protect is true */
1330 	if (body->delay_protect && (!ntohl(body->llpn) || !ntohl(body->olpn))) {
1331 		wpa_printf(MSG_WARNING,
1332 			   "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
1333 		return -1;
1334 	}
1335 
1336 	/* check all live peer have used the sak for receiving sa */
1337 	all_receiving = TRUE;
1338 	dl_list_for_each(peer, &participant->live_peers,
1339 			 struct ieee802_1x_kay_peer, list) {
1340 		if (!peer->sak_used) {
1341 			all_receiving = FALSE;
1342 			break;
1343 		}
1344 	}
1345 	if (all_receiving) {
1346 		participant->to_dist_sak = FALSE;
1347 		ieee802_1x_cp_set_allreceiving(participant->kay->cp, TRUE);
1348 		ieee802_1x_cp_sm_step(participant->kay->cp);
1349 	}
1350 
1351 	/* if i'm key server, and detects peer member pn exhaustion, rekey.*/
1352 	lpn = ntohl(body->llpn);
1353 	if (lpn > participant->kay->pn_exhaustion) {
1354 		if (participant->is_key_server) {
1355 			participant->new_sak = TRUE;
1356 			wpa_printf(MSG_WARNING, "KaY: Peer LPN exhaustion");
1357 		}
1358 	}
1359 
1360 	founded = FALSE;
1361 	dl_list_for_each(txsa, &participant->txsc->sa_list,
1362 			 struct transmit_sa, list) {
1363 		if (sa_key != NULL && txsa->pkey == sa_key) {
1364 			founded = TRUE;
1365 			break;
1366 		}
1367 	}
1368 	if (!founded) {
1369 		wpa_printf(MSG_WARNING, "KaY: Can't find txsa");
1370 		return -1;
1371 	}
1372 
1373 	/* FIXME: Secy creates txsa with default npn. If MKA detected Latest Key
1374 	 * npn is larger than txsa's npn, set it to txsa.
1375 	 */
1376 	secy_get_transmit_next_pn(participant->kay, txsa);
1377 	if (lpn > txsa->next_pn) {
1378 		secy_set_transmit_next_pn(participant->kay, txsa);
1379 		wpa_printf(MSG_INFO, "KaY: update lpn =0x%x", lpn);
1380 	}
1381 
1382 	return 0;
1383 }
1384 
1385 
1386 /**
1387  * ieee802_1x_mka_dist_sak_body_present
1388  */
1389 static Boolean
1390 ieee802_1x_mka_dist_sak_body_present(
1391 	struct ieee802_1x_mka_participant *participant)
1392 {
1393 	if (!participant->to_dist_sak || !participant->new_key)
1394 		return FALSE;
1395 
1396 	return TRUE;
1397 }
1398 
1399 
1400 /**
1401  * ieee802_1x_kay_get_dist_sak_length
1402  */
1403 static int
1404 ieee802_1x_mka_get_dist_sak_length(
1405 	struct ieee802_1x_mka_participant *participant)
1406 {
1407 	int length;
1408 	int cs_index = participant->kay->macsec_csindex;
1409 
1410 	if (participant->advised_desired) {
1411 		length = sizeof(struct ieee802_1x_mka_dist_sak_body);
1412 		if (cs_index != DEFAULT_CS_INDEX)
1413 			length += CS_ID_LEN;
1414 
1415 		length += cipher_suite_tbl[cs_index].sak_len + 8;
1416 	} else {
1417 		length = MKA_HDR_LEN;
1418 	}
1419 	length = (length + 0x3) & ~0x3;
1420 
1421 	return length;
1422 }
1423 
1424 
1425 /**
1426  * ieee802_1x_mka_encode_dist_sak_body -
1427  */
1428 static int
1429 ieee802_1x_mka_encode_dist_sak_body(
1430 	struct ieee802_1x_mka_participant *participant,
1431 	struct wpabuf *buf)
1432 {
1433 	struct ieee802_1x_mka_dist_sak_body *body;
1434 	struct data_key *sak;
1435 	unsigned int length;
1436 	int cs_index;
1437 	int sak_pos;
1438 
1439 	length = ieee802_1x_mka_get_dist_sak_length(participant);
1440 	body = wpabuf_put(buf, length);
1441 	body->type = MKA_DISTRIBUTED_SAK;
1442 	set_mka_param_body_len(body, length - MKA_HDR_LEN);
1443 	if (length == MKA_HDR_LEN) {
1444 		body->confid_offset = 0;
1445 		body->dan = 0;
1446 		return 0;
1447 	}
1448 
1449 	sak = participant->new_key;
1450 	body->confid_offset = sak->confidentiality_offset;
1451 	body->dan = sak->an;
1452 	body->kn = host_to_be32(sak->key_identifier.kn);
1453 	cs_index = participant->kay->macsec_csindex;
1454 	sak_pos = 0;
1455 	if (cs_index != DEFAULT_CS_INDEX) {
1456 		os_memcpy(body->sak, cipher_suite_tbl[cs_index].id, CS_ID_LEN);
1457 		sak_pos = CS_ID_LEN;
1458 	}
1459 	if (aes_wrap(participant->kek.key, 16,
1460 		     cipher_suite_tbl[cs_index].sak_len / 8,
1461 		     sak->key, body->sak + sak_pos)) {
1462 		wpa_printf(MSG_ERROR, "KaY: AES wrap failed");
1463 		return -1;
1464 	}
1465 
1466 	ieee802_1x_mka_dump_dist_sak_body(body);
1467 
1468 	return 0;
1469 }
1470 
1471 
1472 /**
1473  * ieee802_1x_kay_init_data_key -
1474  */
1475 static struct data_key *
1476 ieee802_1x_kay_init_data_key(const struct key_conf *conf)
1477 {
1478 	struct data_key *pkey;
1479 
1480 	if (!conf)
1481 		return NULL;
1482 
1483 	pkey = os_zalloc(sizeof(*pkey));
1484 	if (pkey == NULL) {
1485 		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
1486 		return NULL;
1487 	}
1488 
1489 	pkey->key = os_zalloc(conf->key_len);
1490 	if (pkey->key == NULL) {
1491 		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
1492 		os_free(pkey);
1493 		return NULL;
1494 	}
1495 
1496 	os_memcpy(pkey->key, conf->key, conf->key_len);
1497 	os_memcpy(&pkey->key_identifier, &conf->ki,
1498 		  sizeof(pkey->key_identifier));
1499 	pkey->confidentiality_offset = conf->offset;
1500 	pkey->an = conf->an;
1501 	pkey->transmits = conf->tx;
1502 	pkey->receives = conf->rx;
1503 	os_get_time(&pkey->created_time);
1504 
1505 	pkey->user = 1;
1506 
1507 	return pkey;
1508 }
1509 
1510 
1511 /**
1512  * ieee802_1x_kay_decode_dist_sak_body -
1513  */
1514 static int
1515 ieee802_1x_mka_decode_dist_sak_body(
1516 	struct ieee802_1x_mka_participant *participant,
1517 	const u8 *mka_msg, size_t msg_len)
1518 {
1519 	struct ieee802_1x_mka_hdr *hdr;
1520 	struct ieee802_1x_mka_dist_sak_body *body;
1521 	struct ieee802_1x_kay_peer *peer;
1522 	struct macsec_ciphersuite *cs;
1523 	size_t body_len;
1524 	struct key_conf *conf;
1525 	struct data_key *sa_key = NULL;
1526 	struct ieee802_1x_mka_ki sak_ki;
1527 	int sak_len;
1528 	u8 *wrap_sak;
1529 	u8 *unwrap_sak;
1530 
1531 	hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1532 	body_len = get_mka_param_body_len(hdr);
1533 	if ((body_len != 0) && (body_len != 28) && (body_len < 36)) {
1534 		wpa_printf(MSG_ERROR,
1535 			   "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 28, 36, or more octets",
1536 			   (int) body_len);
1537 		return -1;
1538 	}
1539 
1540 	if (!participant->principal) {
1541 		wpa_printf(MSG_ERROR,
1542 			   "KaY: I can't accept the distributed SAK as I am not principal");
1543 		return -1;
1544 	}
1545 	if (participant->is_key_server) {
1546 		wpa_printf(MSG_ERROR,
1547 			   "KaY: I can't accept the distributed SAK as myself is key server ");
1548 		return -1;
1549 	}
1550 	if (!participant->kay->macsec_desired ||
1551 	    participant->kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
1552 		wpa_printf(MSG_ERROR,
1553 			   "KaY: I am not MACsec-desired or without MACsec capable");
1554 		return -1;
1555 	}
1556 
1557 	peer = ieee802_1x_kay_get_live_peer(participant,
1558 					    participant->current_peer_id.mi);
1559 	if (!peer) {
1560 		wpa_printf(MSG_ERROR,
1561 			   "KaY: The key server is not in my live peers list");
1562 		return -1;
1563 	}
1564 	if (os_memcmp(&participant->kay->key_server_sci,
1565 		      &peer->sci, sizeof(struct ieee802_1x_mka_sci)) != 0) {
1566 		wpa_printf(MSG_ERROR, "KaY: The key server is not elected");
1567 		return -1;
1568 	}
1569 	if (body_len == 0) {
1570 		participant->kay->authenticated = TRUE;
1571 		participant->kay->secured = FALSE;
1572 		participant->kay->failed = FALSE;
1573 		participant->advised_desired = FALSE;
1574 		ieee802_1x_cp_connect_authenticated(participant->kay->cp);
1575 		ieee802_1x_cp_sm_step(participant->kay->cp);
1576 		wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
1577 		participant->to_use_sak = TRUE;
1578 		return 0;
1579 	}
1580 	participant->advised_desired = TRUE;
1581 	participant->kay->authenticated = FALSE;
1582 	participant->kay->secured = TRUE;
1583 	participant->kay->failed = FALSE;
1584 	ieee802_1x_cp_connect_secure(participant->kay->cp);
1585 	ieee802_1x_cp_sm_step(participant->kay->cp);
1586 
1587 	body = (struct ieee802_1x_mka_dist_sak_body *)mka_msg;
1588 	ieee802_1x_mka_dump_dist_sak_body(body);
1589 	dl_list_for_each(sa_key, &participant->sak_list, struct data_key, list)
1590 	{
1591 		if (os_memcmp(sa_key->key_identifier.mi,
1592 			      participant->current_peer_id.mi, MI_LEN) == 0 &&
1593 		    sa_key->key_identifier.kn == be_to_host32(body->kn)) {
1594 			wpa_printf(MSG_WARNING, "KaY:The Key has installed");
1595 			return 0;
1596 		}
1597 	}
1598 	if (body_len == 28) {
1599 		sak_len = DEFAULT_SA_KEY_LEN;
1600 		wrap_sak =  body->sak;
1601 		participant->kay->macsec_csindex = DEFAULT_CS_INDEX;
1602 	} else {
1603 		cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
1604 		if (!cs) {
1605 			wpa_printf(MSG_ERROR,
1606 				   "KaY: I can't support the Cipher Suite advised by key server");
1607 			return -1;
1608 		}
1609 		sak_len = cs->sak_len;
1610 		wrap_sak = body->sak + CS_ID_LEN;
1611 		participant->kay->macsec_csindex = cs->index;
1612 	}
1613 
1614 	unwrap_sak = os_zalloc(sak_len);
1615 	if (!unwrap_sak) {
1616 		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1617 		return -1;
1618 	}
1619 	if (aes_unwrap(participant->kek.key, 16, sak_len >> 3, wrap_sak,
1620 		       unwrap_sak)) {
1621 		wpa_printf(MSG_ERROR, "KaY: AES unwrap failed");
1622 		os_free(unwrap_sak);
1623 		return -1;
1624 	}
1625 	wpa_hexdump(MSG_DEBUG, "\tAES Key Unwrap of SAK:", unwrap_sak, sak_len);
1626 
1627 	conf = os_zalloc(sizeof(*conf));
1628 	if (!conf) {
1629 		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1630 		os_free(unwrap_sak);
1631 		return -1;
1632 	}
1633 	conf->key_len = sak_len;
1634 
1635 	conf->key = os_zalloc(conf->key_len);
1636 	if (!conf->key) {
1637 		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1638 		os_free(unwrap_sak);
1639 		os_free(conf);
1640 		return -1;
1641 	}
1642 
1643 	os_memcpy(conf->key, unwrap_sak, conf->key_len);
1644 
1645 	os_memcpy(&sak_ki.mi, &participant->current_peer_id.mi,
1646 		  sizeof(sak_ki.mi));
1647 	sak_ki.kn = be_to_host32(body->kn);
1648 
1649 	os_memcpy(conf->ki.mi, sak_ki.mi, MI_LEN);
1650 	conf->ki.kn = sak_ki.kn;
1651 	conf->an = body->dan;
1652 	conf->offset = body->confid_offset;
1653 	conf->rx = TRUE;
1654 	conf->tx = TRUE;
1655 
1656 	sa_key = ieee802_1x_kay_init_data_key(conf);
1657 	if (!sa_key) {
1658 		os_free(unwrap_sak);
1659 		os_free(conf->key);
1660 		os_free(conf);
1661 		return -1;
1662 	}
1663 
1664 	dl_list_add(&participant->sak_list, &sa_key->list);
1665 
1666 	ieee802_1x_cp_set_ciphersuite(
1667 		participant->kay->cp,
1668 		cipher_suite_tbl[participant->kay->macsec_csindex].id);
1669 	ieee802_1x_cp_sm_step(participant->kay->cp);
1670 	ieee802_1x_cp_set_offset(participant->kay->cp, body->confid_offset);
1671 	ieee802_1x_cp_sm_step(participant->kay->cp);
1672 	ieee802_1x_cp_set_distributedki(participant->kay->cp, &sak_ki);
1673 	ieee802_1x_cp_set_distributedan(participant->kay->cp, body->dan);
1674 	ieee802_1x_cp_signal_newsak(participant->kay->cp);
1675 	ieee802_1x_cp_sm_step(participant->kay->cp);
1676 
1677 	participant->to_use_sak = TRUE;
1678 
1679 	os_free(unwrap_sak);
1680 	os_free(conf->key);
1681 	os_free(conf);
1682 
1683 	return 0;
1684 }
1685 
1686 
1687 /**
1688  * ieee802_1x_mka_icv_body_present
1689  */
1690 static Boolean
1691 ieee802_1x_mka_icv_body_present(struct ieee802_1x_mka_participant *participant)
1692 {
1693 	return TRUE;
1694 }
1695 
1696 
1697 /**
1698  * ieee802_1x_kay_get_icv_length
1699  */
1700 static int
1701 ieee802_1x_mka_get_icv_length(struct ieee802_1x_mka_participant *participant)
1702 {
1703 	int length;
1704 
1705 	length = sizeof(struct ieee802_1x_mka_icv_body);
1706 	length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
1707 
1708 	return (length + 0x3) & ~0x3;
1709 }
1710 
1711 
1712 /**
1713  * ieee802_1x_mka_encode_icv_body -
1714  */
1715 static int
1716 ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
1717 			       struct wpabuf *buf)
1718 {
1719 	struct ieee802_1x_mka_icv_body *body;
1720 	unsigned int length;
1721 	u8 cmac[MAX_ICV_LEN];
1722 
1723 	length = ieee802_1x_mka_get_icv_length(participant);
1724 	if (length != DEFAULT_ICV_LEN)  {
1725 		body = wpabuf_put(buf, MKA_HDR_LEN);
1726 		body->type = MKA_ICV_INDICATOR;
1727 		set_mka_param_body_len(body, length - MKA_HDR_LEN);
1728 	}
1729 
1730 	if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
1731 		    participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
1732 		wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
1733 		return -1;
1734 	}
1735 
1736 	if (length != DEFAULT_ICV_LEN)  {
1737 		os_memcpy(wpabuf_put(buf, length - MKA_HDR_LEN), cmac,
1738 			  length - MKA_HDR_LEN);
1739 	} else {
1740 		os_memcpy(wpabuf_put(buf, length), cmac, length);
1741 	}
1742 
1743 	return 0;
1744 }
1745 
1746 /**
1747  * ieee802_1x_mka_decode_icv_body -
1748  */
1749 static u8 *
1750 ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
1751 			       const u8 *mka_msg, size_t msg_len)
1752 {
1753 	struct ieee802_1x_mka_hdr *hdr;
1754 	struct ieee802_1x_mka_icv_body *body;
1755 	size_t body_len;
1756 	size_t left_len;
1757 	int body_type;
1758 	const u8 *pos;
1759 
1760 	pos = mka_msg;
1761 	left_len = msg_len;
1762 	while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
1763 		hdr = (struct ieee802_1x_mka_hdr *) pos;
1764 		body_len = get_mka_param_body_len(hdr);
1765 		body_type = get_mka_param_body_type(hdr);
1766 
1767 		if (left_len < (body_len + MKA_HDR_LEN))
1768 			break;
1769 
1770 		if (body_type != MKA_ICV_INDICATOR) {
1771 			left_len -= MKA_HDR_LEN + body_len;
1772 			pos += MKA_HDR_LEN + body_len;
1773 			continue;
1774 		}
1775 
1776 		body = (struct ieee802_1x_mka_icv_body *)pos;
1777 		if (body_len
1778 			< mka_alg_tbl[participant->kay->mka_algindex].icv_len) {
1779 			return NULL;
1780 		}
1781 
1782 		return body->icv;
1783 	}
1784 
1785 	return (u8 *) (mka_msg + msg_len - DEFAULT_ICV_LEN);
1786 }
1787 
1788 
1789 /**
1790  * ieee802_1x_mka_decode_dist_cak_body-
1791  */
1792 static int
1793 ieee802_1x_mka_decode_dist_cak_body(
1794 	struct ieee802_1x_mka_participant *participant,
1795 	const u8 *mka_msg, size_t msg_len)
1796 {
1797 	struct ieee802_1x_mka_hdr *hdr;
1798 	size_t body_len;
1799 
1800 	hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1801 	body_len = get_mka_param_body_len(hdr);
1802 	if (body_len < 28) {
1803 		wpa_printf(MSG_ERROR,
1804 			   "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 28 or more octets",
1805 			   (int) body_len);
1806 		return -1;
1807 	}
1808 
1809 	return 0;
1810 }
1811 
1812 
1813 /**
1814  * ieee802_1x_mka_decode_kmd_body -
1815  */
1816 static int
1817 ieee802_1x_mka_decode_kmd_body(
1818 	struct ieee802_1x_mka_participant *participant,
1819 	const u8 *mka_msg, size_t msg_len)
1820 {
1821 	struct ieee802_1x_mka_hdr *hdr;
1822 	size_t body_len;
1823 
1824 	hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1825 	body_len = get_mka_param_body_len(hdr);
1826 	if (body_len < 5) {
1827 		wpa_printf(MSG_ERROR,
1828 			   "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 5 or more octets",
1829 			   (int) body_len);
1830 		return -1;
1831 	}
1832 
1833 	return 0;
1834 }
1835 
1836 
1837 /**
1838  * ieee802_1x_mka_decode_announce_body -
1839  */
1840 static int ieee802_1x_mka_decode_announce_body(
1841 	struct ieee802_1x_mka_participant *participant,
1842 	const u8 *mka_msg, size_t msg_len)
1843 {
1844 	return 0;
1845 }
1846 
1847 
1848 static struct mka_param_body_handler mak_body_handler[] = {
1849 	/* basic parameter set */
1850 	{
1851 		ieee802_1x_mka_encode_basic_body,
1852 		NULL,
1853 		ieee802_1x_mka_basic_body_length,
1854 		ieee802_1x_mka_basic_body_present
1855 	},
1856 
1857 	/* live peer list parameter set */
1858 	{
1859 		ieee802_1x_mka_encode_live_peer_body,
1860 		ieee802_1x_mka_decode_live_peer_body,
1861 		ieee802_1x_mka_get_live_peer_length,
1862 		ieee802_1x_mka_live_peer_body_present
1863 	},
1864 
1865 	/* potential peer list parameter set */
1866 	{
1867 		ieee802_1x_mka_encode_potential_peer_body,
1868 		ieee802_1x_mka_decode_potential_peer_body,
1869 		ieee802_1x_mka_get_potential_peer_length,
1870 		ieee802_1x_mka_potential_peer_body_present
1871 	},
1872 
1873 	/* sak use parameter set */
1874 	{
1875 		ieee802_1x_mka_encode_sak_use_body,
1876 		ieee802_1x_mka_decode_sak_use_body,
1877 		ieee802_1x_mka_get_sak_use_length,
1878 		ieee802_1x_mka_sak_use_body_present
1879 	},
1880 
1881 	/* distribute sak parameter set */
1882 	{
1883 		ieee802_1x_mka_encode_dist_sak_body,
1884 		ieee802_1x_mka_decode_dist_sak_body,
1885 		ieee802_1x_mka_get_dist_sak_length,
1886 		ieee802_1x_mka_dist_sak_body_present
1887 	},
1888 
1889 	/* distribute cak parameter set */
1890 	{
1891 		NULL,
1892 		ieee802_1x_mka_decode_dist_cak_body,
1893 		NULL,
1894 		NULL
1895 	},
1896 
1897 	/* kmd parameter set */
1898 	{
1899 		NULL,
1900 		ieee802_1x_mka_decode_kmd_body,
1901 		NULL,
1902 		NULL
1903 	},
1904 
1905 	/* announce parameter set */
1906 	{
1907 		NULL,
1908 		ieee802_1x_mka_decode_announce_body,
1909 		NULL,
1910 		NULL
1911 	},
1912 
1913 	/* icv parameter set */
1914 	{
1915 		ieee802_1x_mka_encode_icv_body,
1916 		NULL,
1917 		ieee802_1x_mka_get_icv_length,
1918 		ieee802_1x_mka_icv_body_present
1919 	},
1920 };
1921 
1922 
1923 /**
1924  * ieee802_1x_kay_deinit_data_key -
1925  */
1926 void ieee802_1x_kay_deinit_data_key(struct data_key *pkey)
1927 {
1928 	if (!pkey)
1929 		return;
1930 
1931 	pkey->user--;
1932 	if (pkey->user > 1)
1933 		return;
1934 
1935 	dl_list_del(&pkey->list);
1936 	os_free(pkey->key);
1937 	os_free(pkey);
1938 }
1939 
1940 
1941 /**
1942  * ieee802_1x_kay_generate_new_sak -
1943  */
1944 static int
1945 ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
1946 {
1947 	struct data_key *sa_key = NULL;
1948 	struct key_conf *conf;
1949 	struct ieee802_1x_kay_peer *peer;
1950 	struct ieee802_1x_kay *kay = participant->kay;
1951 	int ctx_len, ctx_offset;
1952 	u8 *context;
1953 
1954 	/* check condition for generating a fresh SAK:
1955 	 * must have one live peer
1956 	 * and MKA life time elapse since last distribution
1957 	 * or potential peer is empty
1958 	 */
1959 	if (dl_list_empty(&participant->live_peers)) {
1960 		wpa_printf(MSG_ERROR,
1961 			   "KaY: Live peers list must not empty when generating fresh SAK");
1962 		return -1;
1963 	}
1964 
1965 	/* FIXME: A fresh SAK not generated until
1966 	 * the live peer list contains at least one peer and
1967 	 * MKA life time has elapsed since the prior SAK was first distributed,
1968 	 * or the Key server's potential peer is empty
1969 	 * but I can't understand the second item, so
1970 	 * here only check first item and ingore
1971 	 *   && (!dl_list_empty(&participant->potential_peers))) {
1972 	 */
1973 	if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
1974 		wpa_printf(MSG_ERROR,
1975 			   "KaY: Life time have not elapsed since prior SAK distributed");
1976 		return -1;
1977 	}
1978 
1979 	conf = os_zalloc(sizeof(*conf));
1980 	if (!conf) {
1981 		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1982 		return -1;
1983 	}
1984 	conf->key_len = cipher_suite_tbl[kay->macsec_csindex].sak_len;
1985 
1986 	conf->key = os_zalloc(conf->key_len);
1987 	if (!conf->key) {
1988 		os_free(conf);
1989 		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1990 		return -1;
1991 	}
1992 
1993 	ctx_len = conf->key_len + sizeof(kay->dist_kn);
1994 	dl_list_for_each(peer, &participant->live_peers,
1995 			 struct ieee802_1x_kay_peer, list)
1996 		ctx_len += sizeof(peer->mi);
1997 	ctx_len += sizeof(participant->mi);
1998 
1999 	context = os_zalloc(ctx_len);
2000 	if (!context) {
2001 		os_free(conf->key);
2002 		os_free(conf);
2003 		return -1;
2004 	}
2005 	ctx_offset = 0;
2006 	if (os_get_random(context + ctx_offset, conf->key_len) < 0) {
2007 		os_free(context);
2008 		os_free(conf->key);
2009 		os_free(conf);
2010 		return -1;
2011 	}
2012 	ctx_offset += conf->key_len;
2013 	dl_list_for_each(peer, &participant->live_peers,
2014 			 struct ieee802_1x_kay_peer, list) {
2015 		os_memcpy(context + ctx_offset, peer->mi, sizeof(peer->mi));
2016 		ctx_offset += sizeof(peer->mi);
2017 	}
2018 	os_memcpy(context + ctx_offset, participant->mi,
2019 		  sizeof(participant->mi));
2020 	ctx_offset += sizeof(participant->mi);
2021 	os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
2022 
2023 	if (conf->key_len == 16) {
2024 		ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
2025 						context, ctx_len, conf->key);
2026 	} else if (conf->key_len == 32) {
2027 		ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
2028 						context, ctx_len, conf->key);
2029 	} else {
2030 		wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
2031 		os_free(conf->key);
2032 		os_free(conf);
2033 		os_free(context);
2034 		return -1;
2035 	}
2036 	wpa_hexdump(MSG_DEBUG, "KaY: generated new SAK",
2037 		    conf->key, conf->key_len);
2038 
2039 	os_memcpy(conf->ki.mi, participant->mi, MI_LEN);
2040 	conf->ki.kn = participant->kay->dist_kn;
2041 	conf->an = participant->kay->dist_an;
2042 	conf->offset = kay->macsec_confidentiality;
2043 	conf->rx = TRUE;
2044 	conf->tx = TRUE;
2045 
2046 	sa_key = ieee802_1x_kay_init_data_key(conf);
2047 	if (!sa_key) {
2048 		os_free(conf->key);
2049 		os_free(conf);
2050 		os_free(context);
2051 		return -1;
2052 	}
2053 	participant->new_key = sa_key;
2054 
2055 	dl_list_add(&participant->sak_list, &sa_key->list);
2056 	ieee802_1x_cp_set_ciphersuite(participant->kay->cp,
2057 				      cipher_suite_tbl[kay->macsec_csindex].id);
2058 	ieee802_1x_cp_sm_step(kay->cp);
2059 	ieee802_1x_cp_set_offset(kay->cp, conf->offset);
2060 	ieee802_1x_cp_sm_step(kay->cp);
2061 	ieee802_1x_cp_set_distributedki(kay->cp, &conf->ki);
2062 	ieee802_1x_cp_set_distributedan(kay->cp, conf->an);
2063 	ieee802_1x_cp_signal_newsak(kay->cp);
2064 	ieee802_1x_cp_sm_step(kay->cp);
2065 
2066 	dl_list_for_each(peer, &participant->live_peers,
2067 			 struct ieee802_1x_kay_peer, list)
2068 		peer->sak_used = FALSE;
2069 
2070 	participant->kay->dist_kn++;
2071 	participant->kay->dist_an++;
2072 	if (participant->kay->dist_an > 3)
2073 		participant->kay->dist_an = 0;
2074 
2075 	participant->kay->dist_time = time(NULL);
2076 
2077 	os_free(conf->key);
2078 	os_free(conf);
2079 	os_free(context);
2080 	return 0;
2081 }
2082 
2083 
2084 /**
2085  * ieee802_1x_kay_elect_key_server - elect the key server
2086  * when to elect: whenever the live peers list changes
2087  */
2088 static int
2089 ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
2090 {
2091 	struct ieee802_1x_kay_peer *peer;
2092 	struct ieee802_1x_kay_peer *key_server = NULL;
2093 	struct ieee802_1x_kay *kay = participant->kay;
2094 	Boolean i_is_key_server;
2095 	int i;
2096 
2097 	if (participant->is_obliged_key_server) {
2098 		participant->new_sak = TRUE;
2099 		participant->to_dist_sak = FALSE;
2100 		ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2101 		return 0;
2102 	}
2103 
2104 	/* elect the key server among the peers */
2105 	dl_list_for_each(peer, &participant->live_peers,
2106 			 struct ieee802_1x_kay_peer, list) {
2107 		if (!peer->is_key_server)
2108 			continue;
2109 
2110 		if (!key_server) {
2111 			key_server = peer;
2112 			continue;
2113 		}
2114 
2115 		if (peer->key_server_priority <
2116 		    key_server->key_server_priority) {
2117 			key_server = peer;
2118 		} else if (peer->key_server_priority ==
2119 			   key_server->key_server_priority) {
2120 			for (i = 0; i < 6; i++) {
2121 				if (peer->sci.addr[i] <
2122 				    key_server->sci.addr[i])
2123 					key_server = peer;
2124 			}
2125 		}
2126 	}
2127 
2128 	/* elect the key server between me and the above elected peer */
2129 	i_is_key_server = FALSE;
2130 	if (key_server && participant->can_be_key_server) {
2131 		if (kay->actor_priority
2132 			   < key_server->key_server_priority) {
2133 			i_is_key_server = TRUE;
2134 		} else if (kay->actor_priority
2135 					== key_server->key_server_priority) {
2136 			for (i = 0; i < 6; i++) {
2137 				if (kay->actor_sci.addr[i]
2138 					< key_server->sci.addr[i]) {
2139 					i_is_key_server = TRUE;
2140 				}
2141 			}
2142 		}
2143 	}
2144 
2145 	if (!key_server && !i_is_key_server) {
2146 		participant->principal = FALSE;
2147 		participant->is_key_server = FALSE;
2148 		participant->is_elected = FALSE;
2149 		return 0;
2150 	}
2151 
2152 	if (i_is_key_server) {
2153 		ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2154 		if (os_memcmp(&kay->key_server_sci, &kay->actor_sci,
2155 			      sizeof(kay->key_server_sci))) {
2156 			ieee802_1x_cp_signal_chgdserver(kay->cp);
2157 			ieee802_1x_cp_sm_step(kay->cp);
2158 		}
2159 
2160 		participant->is_key_server = TRUE;
2161 		participant->principal = TRUE;
2162 		participant->new_sak = TRUE;
2163 		wpa_printf(MSG_DEBUG, "KaY: I is elected as key server");
2164 		participant->to_dist_sak = FALSE;
2165 		participant->is_elected = TRUE;
2166 
2167 		os_memcpy(&kay->key_server_sci, &kay->actor_sci,
2168 			  sizeof(kay->key_server_sci));
2169 		kay->key_server_priority = kay->actor_priority;
2170 	}
2171 
2172 	if (key_server) {
2173 		ieee802_1x_cp_set_electedself(kay->cp, FALSE);
2174 		if (os_memcmp(&kay->key_server_sci, &key_server->sci,
2175 			      sizeof(kay->key_server_sci))) {
2176 			ieee802_1x_cp_signal_chgdserver(kay->cp);
2177 			ieee802_1x_cp_sm_step(kay->cp);
2178 		}
2179 
2180 		participant->is_key_server = FALSE;
2181 		participant->principal = TRUE;
2182 		participant->is_elected = TRUE;
2183 
2184 		os_memcpy(&kay->key_server_sci, &key_server->sci,
2185 			  sizeof(kay->key_server_sci));
2186 		kay->key_server_priority = key_server->key_server_priority;
2187 	}
2188 
2189 	return 0;
2190 }
2191 
2192 
2193 /**
2194  * ieee802_1x_kay_decide_macsec_use - the key server determinate
2195  *		 how to use MACsec: whether use MACsec and its capability
2196  * protectFrames will be advised if the key server and one of its live peers are
2197  * MACsec capable and one of those request MACsec protection
2198  */
2199 static int
2200 ieee802_1x_kay_decide_macsec_use(
2201 	struct ieee802_1x_mka_participant *participant)
2202 {
2203 	struct ieee802_1x_kay *kay = participant->kay;
2204 	struct ieee802_1x_kay_peer *peer;
2205 	enum macsec_cap less_capability;
2206 	Boolean has_peer;
2207 
2208 	if (!participant->is_key_server)
2209 		return -1;
2210 
2211 	/* key server self is MACsec-desired and requesting MACsec */
2212 	if (!kay->macsec_desired) {
2213 		participant->advised_desired = FALSE;
2214 		return -1;
2215 	}
2216 	if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
2217 		participant->advised_desired = FALSE;
2218 		return -1;
2219 	}
2220 	less_capability = kay->macsec_capable;
2221 
2222 	/* at least one of peers is MACsec-desired and requesting MACsec */
2223 	has_peer = FALSE;
2224 	dl_list_for_each(peer, &participant->live_peers,
2225 			 struct ieee802_1x_kay_peer, list) {
2226 		if (!peer->macsec_desired)
2227 			continue;
2228 
2229 		if (peer->macsec_capbility == MACSEC_CAP_NOT_IMPLEMENTED)
2230 			continue;
2231 
2232 		less_capability = (less_capability < peer->macsec_capbility) ?
2233 			less_capability : peer->macsec_capbility;
2234 		has_peer = TRUE;
2235 	}
2236 
2237 	if (has_peer) {
2238 		participant->advised_desired = TRUE;
2239 		participant->advised_capability = less_capability;
2240 		kay->authenticated = FALSE;
2241 		kay->secured = TRUE;
2242 		kay->failed = FALSE;
2243 		ieee802_1x_cp_connect_secure(kay->cp);
2244 		ieee802_1x_cp_sm_step(kay->cp);
2245 	} else {
2246 		participant->advised_desired = FALSE;
2247 		participant->advised_capability = MACSEC_CAP_NOT_IMPLEMENTED;
2248 		participant->to_use_sak = FALSE;
2249 		kay->authenticated = TRUE;
2250 		kay->secured = FALSE;
2251 		kay->failed = FALSE;
2252 		kay->ltx_kn = 0;
2253 		kay->ltx_an = 0;
2254 		kay->lrx_kn = 0;
2255 		kay->lrx_an = 0;
2256 		kay->otx_kn = 0;
2257 		kay->otx_an = 0;
2258 		kay->orx_kn = 0;
2259 		kay->orx_an = 0;
2260 		ieee802_1x_cp_connect_authenticated(kay->cp);
2261 		ieee802_1x_cp_sm_step(kay->cp);
2262 	}
2263 
2264 	return 0;
2265 }
2266 
2267 static const u8 pae_group_addr[ETH_ALEN] = {
2268 	0x01, 0x80, 0xc2, 0x00, 0x00, 0x03
2269 };
2270 
2271 
2272 /**
2273  * ieee802_1x_kay_encode_mkpdu -
2274  */
2275 static int
2276 ieee802_1x_kay_encode_mkpdu(struct ieee802_1x_mka_participant *participant,
2277 			    struct wpabuf *pbuf)
2278 {
2279 	unsigned int i;
2280 	struct ieee8023_hdr *ether_hdr;
2281 	struct ieee802_1x_hdr *eapol_hdr;
2282 
2283 	ether_hdr = wpabuf_put(pbuf, sizeof(*ether_hdr));
2284 	os_memcpy(ether_hdr->dest, pae_group_addr, sizeof(ether_hdr->dest));
2285 	os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
2286 		  sizeof(ether_hdr->dest));
2287 	ether_hdr->ethertype = host_to_be16(ETH_P_EAPOL);
2288 
2289 	eapol_hdr = wpabuf_put(pbuf, sizeof(*eapol_hdr));
2290 	eapol_hdr->version = EAPOL_VERSION;
2291 	eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA;
2292 	eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used);
2293 
2294 	for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
2295 		if (mak_body_handler[i].body_present &&
2296 		    mak_body_handler[i].body_present(participant)) {
2297 			if (mak_body_handler[i].body_tx(participant, pbuf))
2298 				return -1;
2299 		}
2300 	}
2301 
2302 	return 0;
2303 }
2304 
2305 /**
2306  * ieee802_1x_participant_send_mkpdu -
2307  */
2308 static int
2309 ieee802_1x_participant_send_mkpdu(
2310 	struct ieee802_1x_mka_participant *participant)
2311 {
2312 	struct wpabuf *buf;
2313 	struct ieee802_1x_kay *kay = participant->kay;
2314 	size_t length = 0;
2315 	unsigned int i;
2316 
2317 	wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
2318 	length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr);
2319 	for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
2320 		if (mak_body_handler[i].body_present &&
2321 		    mak_body_handler[i].body_present(participant))
2322 			length += mak_body_handler[i].body_length(participant);
2323 	}
2324 
2325 	buf = wpabuf_alloc(length);
2326 	if (!buf) {
2327 		wpa_printf(MSG_ERROR, "KaY: out of memory");
2328 		return -1;
2329 	}
2330 
2331 	if (ieee802_1x_kay_encode_mkpdu(participant, buf)) {
2332 		wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!");
2333 		return -1;
2334 	}
2335 
2336 	l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
2337 	wpabuf_free(buf);
2338 
2339 	kay->active = TRUE;
2340 	participant->active = TRUE;
2341 
2342 	return 0;
2343 }
2344 
2345 
2346 static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa);
2347 /**
2348  * ieee802_1x_participant_timer -
2349  */
2350 static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
2351 {
2352 	struct ieee802_1x_mka_participant *participant;
2353 	struct ieee802_1x_kay *kay;
2354 	struct ieee802_1x_kay_peer *peer, *pre_peer;
2355 	time_t now = time(NULL);
2356 	Boolean lp_changed;
2357 	struct receive_sc *rxsc, *pre_rxsc;
2358 	struct transmit_sa *txsa, *pre_txsa;
2359 
2360 	participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
2361 	kay = participant->kay;
2362 	if (participant->cak_life) {
2363 		if (now > participant->cak_life) {
2364 			kay->authenticated = FALSE;
2365 			kay->secured = FALSE;
2366 			kay->failed = TRUE;
2367 			ieee802_1x_kay_delete_mka(kay, &participant->ckn);
2368 			return;
2369 		}
2370 	}
2371 
2372 	/* should delete MKA instance if there are not live peers
2373 	 * when the MKA life elapsed since its creating */
2374 	if (participant->mka_life) {
2375 		if (dl_list_empty(&participant->live_peers)) {
2376 			if (now > participant->mka_life) {
2377 				kay->authenticated = FALSE;
2378 				kay->secured = FALSE;
2379 				kay->failed = TRUE;
2380 				ieee802_1x_kay_delete_mka(kay,
2381 							  &participant->ckn);
2382 				return;
2383 			}
2384 		} else {
2385 			participant->mka_life = 0;
2386 		}
2387 	}
2388 
2389 	lp_changed = FALSE;
2390 	dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
2391 			      struct ieee802_1x_kay_peer, list) {
2392 		if (now > peer->expire) {
2393 			wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
2394 			wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
2395 				    sizeof(peer->mi));
2396 			wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
2397 			dl_list_for_each_safe(rxsc, pre_rxsc,
2398 					      &participant->rxsc_list,
2399 					      struct receive_sc, list) {
2400 				if (os_memcmp(&rxsc->sci, &peer->sci,
2401 					      sizeof(rxsc->sci)) == 0) {
2402 					secy_delete_receive_sc(kay, rxsc);
2403 					ieee802_1x_kay_deinit_receive_sc(
2404 						participant, rxsc);
2405 				}
2406 			}
2407 			dl_list_del(&peer->list);
2408 			os_free(peer);
2409 			lp_changed = TRUE;
2410 		}
2411 	}
2412 
2413 	if (lp_changed) {
2414 		if (dl_list_empty(&participant->live_peers)) {
2415 			participant->advised_desired = FALSE;
2416 			participant->advised_capability =
2417 				MACSEC_CAP_NOT_IMPLEMENTED;
2418 			participant->to_use_sak = FALSE;
2419 			kay->authenticated = TRUE;
2420 			kay->secured = FALSE;
2421 			kay->failed = FALSE;
2422 			kay->ltx_kn = 0;
2423 			kay->ltx_an = 0;
2424 			kay->lrx_kn = 0;
2425 			kay->lrx_an = 0;
2426 			kay->otx_kn = 0;
2427 			kay->otx_an = 0;
2428 			kay->orx_kn = 0;
2429 			kay->orx_an = 0;
2430 			dl_list_for_each_safe(txsa, pre_txsa,
2431 					      &participant->txsc->sa_list,
2432 					      struct transmit_sa, list) {
2433 				secy_disable_transmit_sa(kay, txsa);
2434 				ieee802_1x_kay_deinit_transmit_sa(txsa);
2435 			}
2436 
2437 			ieee802_1x_cp_connect_authenticated(kay->cp);
2438 			ieee802_1x_cp_sm_step(kay->cp);
2439 		} else {
2440 			ieee802_1x_kay_elect_key_server(participant);
2441 			ieee802_1x_kay_decide_macsec_use(participant);
2442 		}
2443 	}
2444 
2445 	dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers,
2446 			      struct ieee802_1x_kay_peer, list) {
2447 		if (now > peer->expire) {
2448 			wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
2449 			wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
2450 				    sizeof(peer->mi));
2451 			wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
2452 			dl_list_del(&peer->list);
2453 			os_free(peer);
2454 		}
2455 	}
2456 
2457 	if (participant->new_sak) {
2458 		if (!ieee802_1x_kay_generate_new_sak(participant))
2459 			participant->to_dist_sak = TRUE;
2460 
2461 		participant->new_sak = FALSE;
2462 	}
2463 
2464 	if (participant->retry_count < MAX_RETRY_CNT) {
2465 		ieee802_1x_participant_send_mkpdu(participant);
2466 		participant->retry_count++;
2467 	}
2468 
2469 	eloop_register_timeout(MKA_HELLO_TIME / 1000, 0,
2470 			       ieee802_1x_participant_timer,
2471 			       participant, NULL);
2472 }
2473 
2474 
2475 /**
2476  * ieee802_1x_kay_init_transmit_sa -
2477  */
2478 static struct transmit_sa *
2479 ieee802_1x_kay_init_transmit_sa(struct transmit_sc *psc, u8 an, u32 next_PN,
2480 				struct data_key *key)
2481 {
2482 	struct transmit_sa *psa;
2483 
2484 	key->tx_latest = TRUE;
2485 	key->rx_latest = TRUE;
2486 
2487 	psa = os_zalloc(sizeof(*psa));
2488 	if (!psa) {
2489 		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
2490 		return NULL;
2491 	}
2492 
2493 	if (key->confidentiality_offset >= CONFIDENTIALITY_OFFSET_0 &&
2494 	    key->confidentiality_offset <= CONFIDENTIALITY_OFFSET_50)
2495 		psa->confidentiality = TRUE;
2496 	else
2497 		psa->confidentiality = FALSE;
2498 
2499 	psa->an = an;
2500 	psa->pkey = key;
2501 	psa->next_pn = next_PN;
2502 	psa->sc = psc;
2503 
2504 	os_get_time(&psa->created_time);
2505 	psa->in_use = FALSE;
2506 
2507 	dl_list_add(&psc->sa_list, &psa->list);
2508 	wpa_printf(MSG_DEBUG,
2509 		   "KaY: Create transmit SA(an: %d, next_PN: %u) of SC(channel: %d)",
2510 		   (int) an, next_PN, psc->channel);
2511 
2512 	return psa;
2513 }
2514 
2515 
2516 /**
2517  * ieee802_1x_kay_deinit_transmit_sa -
2518  */
2519 static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa)
2520 {
2521 	psa->pkey = NULL;
2522 	wpa_printf(MSG_DEBUG,
2523 		   "KaY: Delete transmit SA(an: %d) of SC(channel: %d)",
2524 		   psa->an, psa->sc->channel);
2525 	dl_list_del(&psa->list);
2526 	os_free(psa);
2527 }
2528 
2529 
2530 /**
2531  * init_transmit_sc -
2532  */
2533 static struct transmit_sc *
2534 ieee802_1x_kay_init_transmit_sc(const struct ieee802_1x_mka_sci *sci,
2535 				int channel)
2536 {
2537 	struct transmit_sc *psc;
2538 
2539 	psc = os_zalloc(sizeof(*psc));
2540 	if (!psc) {
2541 		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
2542 		return NULL;
2543 	}
2544 	os_memcpy(&psc->sci, sci, sizeof(psc->sci));
2545 	psc->channel = channel;
2546 
2547 	os_get_time(&psc->created_time);
2548 	psc->transmitting = FALSE;
2549 	psc->encoding_sa = FALSE;
2550 	psc->enciphering_sa = FALSE;
2551 
2552 	dl_list_init(&psc->sa_list);
2553 	wpa_printf(MSG_DEBUG, "KaY: Create transmit SC(channel: %d)", channel);
2554 	wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)sci , sizeof(*sci));
2555 
2556 	return psc;
2557 }
2558 
2559 
2560 /**
2561  * ieee802_1x_kay_deinit_transmit_sc -
2562  */
2563 static void
2564 ieee802_1x_kay_deinit_transmit_sc(
2565 	struct ieee802_1x_mka_participant *participant, struct transmit_sc *psc)
2566 {
2567 	struct transmit_sa *psa, *tmp;
2568 
2569 	wpa_printf(MSG_DEBUG, "KaY: Delete transmit SC(channel: %d)",
2570 		   psc->channel);
2571 	dl_list_for_each_safe(psa, tmp, &psc->sa_list, struct transmit_sa,
2572 			      list) {
2573 		secy_disable_transmit_sa(participant->kay, psa);
2574 		ieee802_1x_kay_deinit_transmit_sa(psa);
2575 	}
2576 
2577 	os_free(psc);
2578 }
2579 
2580 
2581 /****************** Interface between CP and KAY *********************/
2582 /**
2583  * ieee802_1x_kay_set_latest_sa_attr -
2584  */
2585 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
2586 				      struct ieee802_1x_mka_ki *lki, u8 lan,
2587 				      Boolean ltx, Boolean lrx)
2588 {
2589 	struct ieee802_1x_mka_participant *principal;
2590 
2591 	principal = ieee802_1x_kay_get_principal_participant(kay);
2592 	if (!principal)
2593 		return -1;
2594 
2595 	if (!lki)
2596 		os_memset(&principal->lki, 0, sizeof(principal->lki));
2597 	else
2598 		os_memcpy(&principal->lki, lki, sizeof(principal->lki));
2599 
2600 	principal->lan = lan;
2601 	principal->ltx = ltx;
2602 	principal->lrx = lrx;
2603 	if (!lki) {
2604 		kay->ltx_kn = 0;
2605 		kay->lrx_kn = 0;
2606 	} else {
2607 		kay->ltx_kn = lki->kn;
2608 		kay->lrx_kn = lki->kn;
2609 	}
2610 	kay->ltx_an = lan;
2611 	kay->lrx_an = lan;
2612 
2613 	return 0;
2614 }
2615 
2616 
2617 /**
2618  * ieee802_1x_kay_set_old_sa_attr -
2619  */
2620 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
2621 				   struct ieee802_1x_mka_ki *oki,
2622 				   u8 oan, Boolean otx, Boolean orx)
2623 {
2624 	struct ieee802_1x_mka_participant *principal;
2625 
2626 	principal = ieee802_1x_kay_get_principal_participant(kay);
2627 	if (!principal)
2628 		return -1;
2629 
2630 	if (!oki)
2631 		os_memset(&principal->oki, 0, sizeof(principal->oki));
2632 	else
2633 		os_memcpy(&principal->oki, oki, sizeof(principal->oki));
2634 
2635 	principal->oan = oan;
2636 	principal->otx = otx;
2637 	principal->orx = orx;
2638 
2639 	if (!oki) {
2640 		kay->otx_kn = 0;
2641 		kay->orx_kn = 0;
2642 	} else {
2643 		kay->otx_kn = oki->kn;
2644 		kay->orx_kn = oki->kn;
2645 	}
2646 	kay->otx_an = oan;
2647 	kay->orx_an = oan;
2648 
2649 	return 0;
2650 }
2651 
2652 
2653 /**
2654  * ieee802_1x_kay_create_sas -
2655  */
2656 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
2657 			      struct ieee802_1x_mka_ki *lki)
2658 {
2659 	struct data_key *sa_key, *latest_sak;
2660 	struct ieee802_1x_mka_participant *principal;
2661 	struct receive_sc *rxsc;
2662 	struct receive_sa *rxsa;
2663 	struct transmit_sa *txsa;
2664 
2665 	principal = ieee802_1x_kay_get_principal_participant(kay);
2666 	if (!principal)
2667 		return -1;
2668 
2669 	latest_sak = NULL;
2670 	dl_list_for_each(sa_key, &principal->sak_list, struct data_key, list) {
2671 		if (is_ki_equal(&sa_key->key_identifier, lki)) {
2672 			sa_key->rx_latest = TRUE;
2673 			sa_key->tx_latest = TRUE;
2674 			latest_sak = sa_key;
2675 			principal->to_use_sak = TRUE;
2676 		} else {
2677 			sa_key->rx_latest = FALSE;
2678 			sa_key->tx_latest = FALSE;
2679 		}
2680 	}
2681 	if (!latest_sak) {
2682 		wpa_printf(MSG_ERROR, "lki related sak not found");
2683 		return -1;
2684 	}
2685 
2686 	dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2687 		rxsa = ieee802_1x_kay_init_receive_sa(rxsc, latest_sak->an, 1,
2688 						      latest_sak);
2689 		if (!rxsa)
2690 			return -1;
2691 
2692 		secy_create_receive_sa(kay, rxsa);
2693 	}
2694 
2695 	txsa = ieee802_1x_kay_init_transmit_sa(principal->txsc, latest_sak->an,
2696 					       1, latest_sak);
2697 	if (!txsa)
2698 		return -1;
2699 
2700 	secy_create_transmit_sa(kay, txsa);
2701 
2702 
2703 
2704 	return 0;
2705 }
2706 
2707 
2708 /**
2709  * ieee802_1x_kay_delete_sas -
2710  */
2711 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
2712 			      struct ieee802_1x_mka_ki *ki)
2713 {
2714 	struct data_key *sa_key, *pre_key;
2715 	struct transmit_sa *txsa, *pre_txsa;
2716 	struct receive_sa *rxsa, *pre_rxsa;
2717 	struct receive_sc *rxsc;
2718 	struct ieee802_1x_mka_participant *principal;
2719 
2720 	wpa_printf(MSG_DEBUG, "KaY: Entry into %s", __func__);
2721 	principal = ieee802_1x_kay_get_principal_participant(kay);
2722 	if (!principal)
2723 		return -1;
2724 
2725 	/* remove the transmit sa */
2726 	dl_list_for_each_safe(txsa, pre_txsa, &principal->txsc->sa_list,
2727 			      struct transmit_sa, list) {
2728 		if (is_ki_equal(&txsa->pkey->key_identifier, ki)) {
2729 			secy_disable_transmit_sa(kay, txsa);
2730 			ieee802_1x_kay_deinit_transmit_sa(txsa);
2731 		}
2732 	}
2733 
2734 	/* remove the receive sa */
2735 	dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2736 		dl_list_for_each_safe(rxsa, pre_rxsa, &rxsc->sa_list,
2737 				      struct receive_sa, list) {
2738 			if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
2739 				secy_disable_receive_sa(kay, rxsa);
2740 				ieee802_1x_kay_deinit_receive_sa(rxsa);
2741 			}
2742 		}
2743 	}
2744 
2745 	/* remove the sak */
2746 	dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list,
2747 			      struct data_key, list) {
2748 		if (is_ki_equal(&sa_key->key_identifier, ki)) {
2749 			ieee802_1x_kay_deinit_data_key(sa_key);
2750 			break;
2751 		}
2752 		if (principal->new_key == sa_key)
2753 			principal->new_key = NULL;
2754 	}
2755 
2756 	return 0;
2757 }
2758 
2759 
2760 /**
2761  * ieee802_1x_kay_enable_tx_sas -
2762  */
2763 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
2764 				 struct ieee802_1x_mka_ki *lki)
2765 {
2766 	struct ieee802_1x_mka_participant *principal;
2767 	struct transmit_sa *txsa;
2768 
2769 	principal = ieee802_1x_kay_get_principal_participant(kay);
2770 	if (!principal)
2771 		return -1;
2772 
2773 	dl_list_for_each(txsa, &principal->txsc->sa_list, struct transmit_sa,
2774 			 list) {
2775 		if (is_ki_equal(&txsa->pkey->key_identifier, lki)) {
2776 			txsa->in_use = TRUE;
2777 			secy_enable_transmit_sa(kay, txsa);
2778 			ieee802_1x_cp_set_usingtransmitas(
2779 				principal->kay->cp, TRUE);
2780 			ieee802_1x_cp_sm_step(principal->kay->cp);
2781 		}
2782 	}
2783 
2784 	return 0;
2785 }
2786 
2787 
2788 /**
2789  * ieee802_1x_kay_enable_rx_sas -
2790  */
2791 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
2792 				 struct ieee802_1x_mka_ki *lki)
2793 {
2794 	struct ieee802_1x_mka_participant *principal;
2795 	struct receive_sa *rxsa;
2796 	struct receive_sc *rxsc;
2797 
2798 	principal = ieee802_1x_kay_get_principal_participant(kay);
2799 	if (!principal)
2800 		return -1;
2801 
2802 	dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2803 		dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
2804 		{
2805 			if (is_ki_equal(&rxsa->pkey->key_identifier, lki)) {
2806 				rxsa->in_use = TRUE;
2807 				secy_enable_receive_sa(kay, rxsa);
2808 				ieee802_1x_cp_set_usingreceivesas(
2809 					principal->kay->cp, TRUE);
2810 				ieee802_1x_cp_sm_step(principal->kay->cp);
2811 			}
2812 		}
2813 	}
2814 
2815 	return 0;
2816 }
2817 
2818 
2819 /**
2820  * ieee802_1x_kay_enable_new_info -
2821  */
2822 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
2823 {
2824 	struct ieee802_1x_mka_participant *principal;
2825 
2826 	principal = ieee802_1x_kay_get_principal_participant(kay);
2827 	if (!principal)
2828 		return -1;
2829 
2830 	if (principal->retry_count < MAX_RETRY_CNT) {
2831 		ieee802_1x_participant_send_mkpdu(principal);
2832 		principal->retry_count++;
2833 	}
2834 
2835 	return 0;
2836 }
2837 
2838 
2839 /**
2840  * ieee802_1x_kay_cp_conf -
2841  */
2842 int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
2843 			   struct ieee802_1x_cp_conf *pconf)
2844 {
2845 	pconf->protect = kay->macsec_protect;
2846 	pconf->replay_protect = kay->macsec_replay_protect;
2847 	pconf->validate = kay->macsec_validate;
2848 
2849 	return 0;
2850 }
2851 
2852 
2853 /**
2854  * ieee802_1x_kay_alloc_cp_sm -
2855  */
2856 static struct ieee802_1x_cp_sm *
2857 ieee802_1x_kay_alloc_cp_sm(struct ieee802_1x_kay *kay)
2858 {
2859 	struct ieee802_1x_cp_conf conf;
2860 
2861 	os_memset(&conf, 0, sizeof(conf));
2862 	conf.protect = kay->macsec_protect;
2863 	conf.replay_protect = kay->macsec_replay_protect;
2864 	conf.validate = kay->macsec_validate;
2865 	conf.replay_window = kay->macsec_replay_window;
2866 
2867 	return ieee802_1x_cp_sm_init(kay, &conf);
2868 }
2869 
2870 
2871 /**
2872  * ieee802_1x_kay_mkpdu_sanity_check -
2873  *     sanity check specified in clause 11.11.2 of IEEE802.1X-2010
2874  */
2875 static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
2876 					     const u8 *buf, size_t len)
2877 {
2878 	struct ieee8023_hdr *eth_hdr;
2879 	struct ieee802_1x_hdr *eapol_hdr;
2880 	struct ieee802_1x_mka_hdr *mka_hdr;
2881 	struct ieee802_1x_mka_basic_body *body;
2882 	size_t mka_msg_len;
2883 	struct ieee802_1x_mka_participant *participant;
2884 	size_t body_len;
2885 	u8 icv[MAX_ICV_LEN];
2886 	u8 *msg_icv;
2887 
2888 	eth_hdr = (struct ieee8023_hdr *) buf;
2889 	eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
2890 	mka_hdr = (struct ieee802_1x_mka_hdr *) (eapol_hdr + 1);
2891 
2892 	/* destination address should be not individual address */
2893 	if (os_memcmp(eth_hdr->dest, pae_group_addr, ETH_ALEN) != 0) {
2894 		wpa_printf(MSG_MSGDUMP,
2895 			   "KaY: ethernet destination address is not PAE group address");
2896 		return -1;
2897 	}
2898 
2899 	/* MKPDU should not less than 32 octets */
2900 	mka_msg_len = be_to_host16(eapol_hdr->length);
2901 	if (mka_msg_len < 32) {
2902 		wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets");
2903 		return -1;
2904 	}
2905 	/* MKPDU should multiple 4 octets */
2906 	if ((mka_msg_len % 4) != 0) {
2907 		wpa_printf(MSG_MSGDUMP,
2908 			   "KaY: MKPDU is not multiple of 4 octets");
2909 		return -1;
2910 	}
2911 
2912 	body = (struct ieee802_1x_mka_basic_body *) mka_hdr;
2913 	ieee802_1x_mka_dump_basic_body(body);
2914 	body_len = get_mka_param_body_len(body);
2915 	/* EAPOL-MKA body should comprise basic parameter set and ICV */
2916 	if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) {
2917 		wpa_printf(MSG_ERROR,
2918 			   "KaY: Received EAPOL-MKA Packet Body Length (%d bytes) is less than the Basic Parameter Set Header Length (%d bytes) + the Basic Parameter Set Body Length (%d bytes) + %d bytes of ICV",
2919 			   (int) mka_msg_len, (int) MKA_HDR_LEN,
2920 			   (int) body_len, DEFAULT_ICV_LEN);
2921 		return -1;
2922 	}
2923 
2924 	/* CKN should be owned by I */
2925 	participant = ieee802_1x_kay_get_participant(kay, body->ckn);
2926 	if (!participant) {
2927 		wpa_printf(MSG_DEBUG, "CKN is not included in my CA");
2928 		return -1;
2929 	}
2930 
2931 	/* algorithm agility check */
2932 	if (os_memcmp(body->algo_agility, mka_algo_agility,
2933 		      sizeof(body->algo_agility)) != 0) {
2934 		wpa_printf(MSG_ERROR,
2935 			   "KaY: peer's algorithm agility not supported for me");
2936 		return -1;
2937 	}
2938 
2939 	/* ICV check */
2940 	/*
2941 	 * The ICV will comprise the final octets of the packet body, whatever
2942 	 * its size, not the fixed length 16 octets, indicated by the EAPOL
2943 	 * packet body length.
2944 	 */
2945 	if (mka_alg_tbl[kay->mka_algindex].icv_hash(
2946 		    participant->ick.key,
2947 		    buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
2948 		wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
2949 		return -1;
2950 	}
2951 	msg_icv = ieee802_1x_mka_decode_icv_body(participant, (u8 *) mka_hdr,
2952 						 mka_msg_len);
2953 
2954 	if (msg_icv) {
2955 		if (os_memcmp_const(msg_icv, icv,
2956 				    mka_alg_tbl[kay->mka_algindex].icv_len) !=
2957 		    0) {
2958 			wpa_printf(MSG_ERROR,
2959 				   "KaY: Computed ICV is not equal to Received ICV");
2960 		return -1;
2961 		}
2962 	} else {
2963 		wpa_printf(MSG_ERROR, "KaY: No ICV");
2964 		return -1;
2965 	}
2966 
2967 	return 0;
2968 }
2969 
2970 
2971 /**
2972  * ieee802_1x_kay_decode_mkpdu -
2973  */
2974 static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
2975 				       const u8 *buf, size_t len)
2976 {
2977 	struct ieee802_1x_mka_participant *participant;
2978 	struct ieee802_1x_mka_hdr *hdr;
2979 	size_t body_len;
2980 	size_t left_len;
2981 	int body_type;
2982 	int i;
2983 	const u8 *pos;
2984 	Boolean my_included;
2985 	Boolean handled[256];
2986 
2987 	if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
2988 		return -1;
2989 
2990 	/* handle basic parameter set */
2991 	pos = buf + sizeof(struct ieee8023_hdr) + sizeof(struct ieee802_1x_hdr);
2992 	left_len = len - sizeof(struct ieee8023_hdr) -
2993 		sizeof(struct ieee802_1x_hdr);
2994 	participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len);
2995 	if (!participant)
2996 		return -1;
2997 
2998 	/* to skip basic parameter set */
2999 	hdr = (struct ieee802_1x_mka_hdr *) pos;
3000 	body_len = get_mka_param_body_len(hdr);
3001 	pos += body_len + MKA_HDR_LEN;
3002 	left_len -= body_len + MKA_HDR_LEN;
3003 
3004 	/* check i am in the peer's peer list */
3005 	my_included = ieee802_1x_mka_i_in_peerlist(participant, pos, left_len);
3006 	if (my_included) {
3007 		/* accept the peer as live peer */
3008 		if (!ieee802_1x_kay_is_in_peer(
3009 			    participant,
3010 			    participant->current_peer_id.mi)) {
3011 			if (!ieee802_1x_kay_create_live_peer(
3012 				    participant,
3013 				    participant->current_peer_id.mi,
3014 				    participant->current_peer_id.mn))
3015 				return -1;
3016 			ieee802_1x_kay_elect_key_server(participant);
3017 			ieee802_1x_kay_decide_macsec_use(participant);
3018 		}
3019 		if (ieee802_1x_kay_is_in_potential_peer(
3020 			    participant, participant->current_peer_id.mi)) {
3021 			ieee802_1x_kay_move_live_peer(
3022 				participant, participant->current_peer_id.mi,
3023 				participant->current_peer_id.mn);
3024 			ieee802_1x_kay_elect_key_server(participant);
3025 			ieee802_1x_kay_decide_macsec_use(participant);
3026 		}
3027 	}
3028 
3029 	/*
3030 	 * Handle other parameter set than basic parameter set.
3031 	 * Each parameter set should be present only once.
3032 	 */
3033 	for (i = 0; i < 256; i++)
3034 		handled[i] = FALSE;
3035 
3036 	handled[0] = TRUE;
3037 	while (left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN) {
3038 		hdr = (struct ieee802_1x_mka_hdr *) pos;
3039 		body_len = get_mka_param_body_len(hdr);
3040 		body_type = get_mka_param_body_type(hdr);
3041 
3042 		if (body_type == MKA_ICV_INDICATOR)
3043 			return 0;
3044 
3045 		if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
3046 			wpa_printf(MSG_ERROR,
3047 				   "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
3048 				   (int) left_len, (int) MKA_HDR_LEN,
3049 				   (int) body_len, DEFAULT_ICV_LEN);
3050 			goto next_para_set;
3051 		}
3052 
3053 		if (handled[body_type])
3054 			goto next_para_set;
3055 
3056 		handled[body_type] = TRUE;
3057 		if (mak_body_handler[body_type].body_rx) {
3058 			mak_body_handler[body_type].body_rx
3059 				(participant, pos, left_len);
3060 		} else {
3061 			wpa_printf(MSG_ERROR,
3062 				   "The type %d not supported in this MKA version %d",
3063 				   body_type, MKA_VERSION_ID);
3064 		}
3065 
3066 next_para_set:
3067 		pos += body_len + MKA_HDR_LEN;
3068 		left_len -= body_len + MKA_HDR_LEN;
3069 	}
3070 
3071 	kay->active = TRUE;
3072 	participant->retry_count = 0;
3073 	participant->active = TRUE;
3074 
3075 	return 0;
3076 }
3077 
3078 
3079 
3080 static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
3081 			   size_t len)
3082 {
3083 	struct ieee802_1x_kay *kay = ctx;
3084 	struct ieee8023_hdr *eth_hdr;
3085 	struct ieee802_1x_hdr *eapol_hdr;
3086 
3087 	/* must contain at least ieee8023_hdr + ieee802_1x_hdr */
3088 	if (len < sizeof(*eth_hdr) + sizeof(*eapol_hdr)) {
3089 		wpa_printf(MSG_MSGDUMP, "KaY: EAPOL frame too short (%lu)",
3090 			   (unsigned long) len);
3091 		return;
3092 	}
3093 
3094 	eth_hdr = (struct ieee8023_hdr *) buf;
3095 	eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
3096 	if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
3097 	    ntohs(eapol_hdr->length)) {
3098 		wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
3099 			   (unsigned long) len,
3100 			   (unsigned long) ntohs(eapol_hdr->length));
3101 		return;
3102 	}
3103 
3104 	if (eapol_hdr->version < EAPOL_VERSION) {
3105 		wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA",
3106 			   eapol_hdr->version);
3107 		return;
3108 	}
3109 	if (ntohs(eth_hdr->ethertype) != ETH_P_PAE ||
3110 	    eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
3111 		return;
3112 
3113 	wpa_hexdump(MSG_DEBUG, "RX EAPOL-MKA: ", buf, len);
3114 	if (dl_list_empty(&kay->participant_list)) {
3115 		wpa_printf(MSG_ERROR, "KaY: no MKA participant instance");
3116 		return;
3117 	}
3118 
3119 	ieee802_1x_kay_decode_mkpdu(kay, buf, len);
3120 }
3121 
3122 
3123 /**
3124  * ieee802_1x_kay_init -
3125  */
3126 struct ieee802_1x_kay *
3127 ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
3128 		    const char *ifname, const u8 *addr)
3129 {
3130 	struct ieee802_1x_kay *kay;
3131 
3132 	kay = os_zalloc(sizeof(*kay));
3133 	if (!kay) {
3134 		wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3135 		return NULL;
3136 	}
3137 
3138 	kay->ctx = ctx;
3139 
3140 	kay->enable = TRUE;
3141 	kay->active = FALSE;
3142 
3143 	kay->authenticated = FALSE;
3144 	kay->secured = FALSE;
3145 	kay->failed = FALSE;
3146 	kay->policy = policy;
3147 
3148 	os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
3149 	os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
3150 	kay->actor_sci.port = 0x0001;
3151 	kay->actor_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
3152 
3153 	/* While actor acts as a key server, shall distribute sakey */
3154 	kay->dist_kn = 1;
3155 	kay->dist_an = 0;
3156 	kay->dist_time = 0;
3157 
3158 	kay->pn_exhaustion = PENDING_PN_EXHAUSTION;
3159 	kay->macsec_csindex = DEFAULT_CS_INDEX;
3160 	kay->mka_algindex = DEFAULT_MKA_ALG_INDEX;
3161 	kay->mka_version = MKA_VERSION_ID;
3162 
3163 	os_memcpy(kay->algo_agility, mka_algo_agility,
3164 		  sizeof(kay->algo_agility));
3165 
3166 	dl_list_init(&kay->participant_list);
3167 
3168 	if (policy == DO_NOT_SECURE) {
3169 		kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
3170 		kay->macsec_desired = FALSE;
3171 		kay->macsec_protect = FALSE;
3172 		kay->macsec_validate = Disabled;
3173 		kay->macsec_replay_protect = FALSE;
3174 		kay->macsec_replay_window = 0;
3175 		kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3176 	} else {
3177 		kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
3178 		kay->macsec_desired = TRUE;
3179 		kay->macsec_protect = TRUE;
3180 		kay->macsec_validate = Strict;
3181 		kay->macsec_replay_protect = FALSE;
3182 		kay->macsec_replay_window = 0;
3183 		kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
3184 	}
3185 
3186 	wpa_printf(MSG_DEBUG, "KaY: state machine created");
3187 
3188 	/* Initialize the SecY must be prio to CP, as CP will control SecY */
3189 	secy_init_macsec(kay);
3190 	secy_get_available_transmit_sc(kay, &kay->sc_ch);
3191 
3192 	wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");
3193 
3194 	/* init CP */
3195 	kay->cp = ieee802_1x_kay_alloc_cp_sm(kay);
3196 	if (kay->cp == NULL) {
3197 		ieee802_1x_kay_deinit(kay);
3198 		return NULL;
3199 	}
3200 
3201 	if (policy == DO_NOT_SECURE) {
3202 		ieee802_1x_cp_connect_authenticated(kay->cp);
3203 		ieee802_1x_cp_sm_step(kay->cp);
3204 	} else {
3205 		kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE,
3206 					     kay_l2_receive, kay, 1);
3207 		if (kay->l2_mka == NULL) {
3208 			wpa_printf(MSG_WARNING,
3209 				   "KaY: Failed to initialize L2 packet processing for MKA packet");
3210 			ieee802_1x_kay_deinit(kay);
3211 			return NULL;
3212 		}
3213 	}
3214 
3215 	return kay;
3216 }
3217 
3218 
3219 /**
3220  * ieee802_1x_kay_deinit -
3221  */
3222 void
3223 ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay)
3224 {
3225 	struct ieee802_1x_mka_participant *participant;
3226 
3227 	if (!kay)
3228 		return;
3229 
3230 	wpa_printf(MSG_DEBUG, "KaY: state machine removed");
3231 
3232 	while (!dl_list_empty(&kay->participant_list)) {
3233 		participant = dl_list_entry(kay->participant_list.next,
3234 					    struct ieee802_1x_mka_participant,
3235 					    list);
3236 		ieee802_1x_kay_delete_mka(kay, &participant->ckn);
3237 	}
3238 
3239 	ieee802_1x_cp_sm_deinit(kay->cp);
3240 	secy_deinit_macsec(kay);
3241 
3242 	if (kay->l2_mka) {
3243 		l2_packet_deinit(kay->l2_mka);
3244 		kay->l2_mka = NULL;
3245 	}
3246 
3247 	os_free(kay->ctx);
3248 	os_free(kay);
3249 }
3250 
3251 
3252 /**
3253  * ieee802_1x_kay_create_mka -
3254  */
3255 struct ieee802_1x_mka_participant *
3256 ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
3257 			  struct mka_key *cak, u32 life,
3258 			  enum mka_created_mode mode, Boolean is_authenticator)
3259 {
3260 	struct ieee802_1x_mka_participant *participant;
3261 	unsigned int usecs;
3262 
3263 	if (!kay || !ckn || !cak) {
3264 		wpa_printf(MSG_ERROR, "KaY: ckn or cak is null");
3265 		return NULL;
3266 	}
3267 
3268 	if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
3269 		wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
3270 		return NULL;
3271 	}
3272 	if (ckn->len > MAX_CKN_LEN) {
3273 		wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)");
3274 		return NULL;
3275 	}
3276 	if (!kay->enable) {
3277 		wpa_printf(MSG_ERROR, "KaY: Now is at disable state");
3278 		return NULL;
3279 	}
3280 
3281 	participant = os_zalloc(sizeof(*participant));
3282 	if (!participant) {
3283 		wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3284 		return NULL;
3285 	}
3286 
3287 	participant->ckn.len = ckn->len;
3288 	os_memcpy(participant->ckn.name, ckn->name, ckn->len);
3289 	participant->cak.len = cak->len;
3290 	os_memcpy(participant->cak.key, cak->key, cak->len);
3291 	if (life)
3292 		participant->cak_life = life + time(NULL);
3293 
3294 	switch (mode) {
3295 	case EAP_EXCHANGE:
3296 		if (is_authenticator) {
3297 			participant->is_obliged_key_server = TRUE;
3298 			participant->can_be_key_server = TRUE;
3299 			participant->is_key_server = TRUE;
3300 			participant->principal = TRUE;
3301 
3302 			os_memcpy(&kay->key_server_sci, &kay->actor_sci,
3303 				  sizeof(kay->key_server_sci));
3304 			kay->key_server_priority = kay->actor_priority;
3305 			participant->is_elected = TRUE;
3306 		} else {
3307 			participant->is_obliged_key_server = FALSE;
3308 			participant->can_be_key_server = FALSE;
3309 			participant->is_key_server = FALSE;
3310 			participant->is_elected = TRUE;
3311 		}
3312 		break;
3313 
3314 	default:
3315 		participant->is_obliged_key_server = FALSE;
3316 		participant->can_be_key_server = TRUE;
3317 		participant->is_key_server = FALSE;
3318 		participant->is_elected = FALSE;
3319 		break;
3320 	}
3321 
3322 	participant->cached = FALSE;
3323 
3324 	participant->active = FALSE;
3325 	participant->participant = FALSE;
3326 	participant->retain = FALSE;
3327 	participant->activate = DEFAULT;
3328 
3329 	if (participant->is_key_server)
3330 		participant->principal = TRUE;
3331 
3332 	dl_list_init(&participant->live_peers);
3333 	dl_list_init(&participant->potential_peers);
3334 
3335 	participant->retry_count = 0;
3336 	participant->kay = kay;
3337 
3338 	if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
3339 		goto fail;
3340 	participant->mn = 0;
3341 
3342 	participant->lrx = FALSE;
3343 	participant->ltx = FALSE;
3344 	participant->orx = FALSE;
3345 	participant->otx = FALSE;
3346 	participant->to_dist_sak = FALSE;
3347 	participant->to_use_sak = FALSE;
3348 	participant->new_sak = FALSE;
3349 	dl_list_init(&participant->sak_list);
3350 	participant->new_key = NULL;
3351 	dl_list_init(&participant->rxsc_list);
3352 	participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci,
3353 							    kay->sc_ch);
3354 	secy_cp_control_protect_frames(kay, kay->macsec_protect);
3355 	secy_cp_control_replay(kay, kay->macsec_replay_protect,
3356 			       kay->macsec_replay_window);
3357 	secy_create_transmit_sc(kay, participant->txsc);
3358 
3359 	/* to derive KEK from CAK and CKN */
3360 	participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
3361 	if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
3362 						    participant->ckn.name,
3363 						    participant->ckn.len,
3364 						    participant->kek.key)) {
3365 		wpa_printf(MSG_ERROR, "KaY: Derived KEK failed");
3366 		goto fail;
3367 	}
3368 	wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK",
3369 			participant->kek.key, participant->kek.len);
3370 
3371 	/* to derive ICK from CAK and CKN */
3372 	participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
3373 	if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
3374 						    participant->ckn.name,
3375 						    participant->ckn.len,
3376 						    participant->ick.key)) {
3377 		wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
3378 		goto fail;
3379 	}
3380 	wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK",
3381 			participant->ick.key, participant->ick.len);
3382 
3383 	dl_list_add(&kay->participant_list, &participant->list);
3384 	wpa_hexdump(MSG_DEBUG, "KaY: Participant created:",
3385 		    ckn->name, ckn->len);
3386 
3387 	usecs = os_random() % (MKA_HELLO_TIME * 1000);
3388 	eloop_register_timeout(0, usecs, ieee802_1x_participant_timer,
3389 			       participant, NULL);
3390 	participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
3391 		usecs / 1000000;
3392 
3393 	return participant;
3394 
3395 fail:
3396 	os_free(participant);
3397 	return NULL;
3398 }
3399 
3400 
3401 /**
3402  * ieee802_1x_kay_delete_mka -
3403  */
3404 void
3405 ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
3406 {
3407 	struct ieee802_1x_mka_participant *participant;
3408 	struct ieee802_1x_kay_peer *peer;
3409 	struct data_key *sak;
3410 	struct receive_sc *rxsc;
3411 
3412 	if (!kay || !ckn)
3413 		return;
3414 
3415 	wpa_printf(MSG_DEBUG, "KaY: participant removed");
3416 
3417 	/* get the participant */
3418 	participant = ieee802_1x_kay_get_participant(kay, ckn->name);
3419 	if (!participant) {
3420 		wpa_hexdump(MSG_DEBUG, "KaY: participant is not found",
3421 			    ckn->name, ckn->len);
3422 		return;
3423 	}
3424 
3425 	dl_list_del(&participant->list);
3426 
3427 	/* remove live peer */
3428 	while (!dl_list_empty(&participant->live_peers)) {
3429 		peer = dl_list_entry(participant->live_peers.next,
3430 				     struct ieee802_1x_kay_peer, list);
3431 		dl_list_del(&peer->list);
3432 		os_free(peer);
3433 	}
3434 
3435 	/* remove potential peer */
3436 	while (!dl_list_empty(&participant->potential_peers)) {
3437 		peer = dl_list_entry(participant->potential_peers.next,
3438 				     struct ieee802_1x_kay_peer, list);
3439 		dl_list_del(&peer->list);
3440 		os_free(peer);
3441 	}
3442 
3443 	/* remove sak */
3444 	while (!dl_list_empty(&participant->sak_list)) {
3445 		sak = dl_list_entry(participant->sak_list.next,
3446 				    struct data_key, list);
3447 		dl_list_del(&sak->list);
3448 		os_free(sak->key);
3449 		os_free(sak);
3450 	}
3451 	while (!dl_list_empty(&participant->rxsc_list)) {
3452 		rxsc = dl_list_entry(participant->rxsc_list.next,
3453 				     struct receive_sc, list);
3454 		secy_delete_receive_sc(kay, rxsc);
3455 		ieee802_1x_kay_deinit_receive_sc(participant, rxsc);
3456 	}
3457 	secy_delete_transmit_sc(kay, participant->txsc);
3458 	ieee802_1x_kay_deinit_transmit_sc(participant, participant->txsc);
3459 
3460 	os_memset(&participant->cak, 0, sizeof(participant->cak));
3461 	os_memset(&participant->kek, 0, sizeof(participant->kek));
3462 	os_memset(&participant->ick, 0, sizeof(participant->ick));
3463 	os_free(participant);
3464 }
3465 
3466 
3467 /**
3468  * ieee802_1x_kay_mka_participate -
3469  */
3470 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
3471 				    struct mka_key_name *ckn,
3472 				    Boolean status)
3473 {
3474 	struct ieee802_1x_mka_participant *participant;
3475 
3476 	if (!kay || !ckn)
3477 		return;
3478 
3479 	participant = ieee802_1x_kay_get_participant(kay, ckn->name);
3480 	if (!participant)
3481 		return;
3482 
3483 	participant->active = status;
3484 }
3485 
3486 
3487 /**
3488  * ieee802_1x_kay_new_sak -
3489  */
3490 int
3491 ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay)
3492 {
3493 	struct ieee802_1x_mka_participant *participant;
3494 
3495 	if (!kay)
3496 		return -1;
3497 
3498 	participant = ieee802_1x_kay_get_principal_participant(kay);
3499 	if (!participant)
3500 		return -1;
3501 
3502 	participant->new_sak = TRUE;
3503 	wpa_printf(MSG_DEBUG, "KaY: new SAK signal");
3504 
3505 	return 0;
3506 }
3507 
3508 
3509 /**
3510  * ieee802_1x_kay_change_cipher_suite -
3511  */
3512 int
3513 ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay, int cs_index)
3514 {
3515 	struct ieee802_1x_mka_participant *participant;
3516 
3517 	if (!kay)
3518 		return -1;
3519 
3520 	if ((unsigned int) cs_index >= CS_TABLE_SIZE) {
3521 		wpa_printf(MSG_ERROR,
3522 			   "KaY: Configured cipher suite index is out of range");
3523 		return -1;
3524 	}
3525 	if (kay->macsec_csindex == cs_index)
3526 		return -2;
3527 
3528 	if (cs_index == 0)
3529 		kay->macsec_desired = FALSE;
3530 
3531 	kay->macsec_csindex = cs_index;
3532 	kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable;
3533 
3534 	participant = ieee802_1x_kay_get_principal_participant(kay);
3535 	if (participant) {
3536 		wpa_printf(MSG_INFO, "KaY: Cipher Suite changed");
3537 		participant->new_sak = TRUE;
3538 	}
3539 
3540 	return 0;
3541 }
3542