MACsec: Add PAE implementation

This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

src/Makefile

@@ -1,4 +1,4 @@
-SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p radius rsn_supp tls utils wps
+SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps
 
 all:
 	for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d; done

src/pae/Makefile

@@ -0,0 +1,8 @@
+all:
+	@echo Nothing to be made.
+
+clean:
+	rm -f *~ *.o *.d
+
+install:
+	@echo Nothing to be made.

src/pae/ieee802_1x_cp.c

@@ -0,0 +1,744 @@
+/*
+ * IEEE 802.1X-2010 Controlled Port of PAE state machine - CP state machine
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+#include "utils/state_machine.h"
+#include "ieee802_1x_kay.h"
+#include "ieee802_1x_secy_ops.h"
+#include "pae/ieee802_1x_cp.h"
+
+#define STATE_MACHINE_DATA struct ieee802_1x_cp_sm
+#define STATE_MACHINE_DEBUG_PREFIX "CP"
+
+static u8 default_cs_id[] = CS_ID_GCM_AES_128;
+
+/* The variable defined in clause 12 in IEEE Std 802.1X-2010 */
+enum connect_type { PENDING, UNAUTHENTICATED, AUTHENTICATED, SECURE };
+
+struct ieee802_1x_cp_sm {
+	enum cp_states {
+		CP_BEGIN, CP_INIT, CP_CHANGE, CP_ALLOWED, CP_AUTHENTICATED,
+		CP_SECURED, CP_RECEIVE, CP_RECEIVING, CP_READY, CP_TRANSMIT,
+		CP_TRANSMITTING, CP_ABANDON, CP_RETIRE
+	} CP_state;
+	Boolean changed;
+
+	/* CP -> Client */
+	Boolean port_valid;
+
+	/* Logon -> CP */
+	enum connect_type connect;
+	u8 *authorization_data;
+
+	/* KaY -> CP */
+	Boolean chgd_server; /* clear by CP */
+	Boolean elected_self;
+	u8 *authorization_data1;
+	enum confidentiality_offset cipher_offset;
+	u8 *cipher_suite;
+	Boolean new_sak; /* clear by CP */
+	struct ieee802_1x_mka_ki distributed_ki;
+	u8 distributed_an;
+	Boolean using_receive_sas;
+	Boolean all_receiving;
+	Boolean server_transmitting;
+	Boolean using_transmit_sa;
+
+	/* CP -> KaY */
+	struct ieee802_1x_mka_ki *lki;
+	u8 lan;
+	Boolean ltx;
+	Boolean lrx;
+	struct ieee802_1x_mka_ki *oki;
+	u8 oan;
+	Boolean otx;
+	Boolean orx;
+
+	/* CP -> SecY */
+	Boolean protect_frames;
+	enum validate_frames validate_frames;
+
+	Boolean replay_protect;
+	u32 replay_window;
+
+	u8 *current_cipher_suite;
+	enum confidentiality_offset confidentiality_offset;
+	Boolean controlled_port_enabled;
+
+	/* SecY -> CP */
+	Boolean port_enabled; /* SecY->CP */
+
+	/* private */
+	u32 transmit_when;
+	u32 transmit_delay;
+	u32 retire_when;
+	u32 retire_delay;
+
+	/* not defined IEEE Std 802.1X-2010 */
+	struct ieee802_1x_kay *kay;
+};
+
+static void ieee802_1x_cp_retire_when_timeout(void *eloop_ctx,
+					      void *timeout_ctx);
+static void ieee802_1x_cp_transmit_when_timeout(void *eloop_ctx,
+						void *timeout_ctx);
+
+
+static int changed_cipher(struct ieee802_1x_cp_sm *sm)
+{
+	return sm->confidentiality_offset != sm->cipher_offset ||
+		os_memcmp(sm->current_cipher_suite, sm->cipher_suite,
+			  CS_ID_LEN) != 0;
+}
+
+
+static int changed_connect(struct ieee802_1x_cp_sm *sm)
+{
+	return sm->connect != SECURE || sm->chgd_server || changed_cipher(sm);
+}
+
+
+SM_STATE(CP, INIT)
+{
+	SM_ENTRY(CP, INIT);
+
+	sm->controlled_port_enabled = FALSE;
+	secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+
+	sm->port_valid = FALSE;
+
+	os_free(sm->lki);
+	sm->lki = NULL;
+	sm->ltx = FALSE;
+	sm->lrx = FALSE;
+
+	os_free(sm->oki);
+	sm->oki = NULL;
+	sm->otx = FALSE;
+	sm->orx = FALSE;
+
+	sm->port_enabled = TRUE;
+	sm->chgd_server = FALSE;
+}
+
+
+SM_STATE(CP, CHANGE)
+{
+	SM_ENTRY(CP, CHANGE);
+
+	sm->port_valid = FALSE;
+	sm->controlled_port_enabled = FALSE;
+	secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+
+	if (sm->lki)
+		ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
+	if (sm->oki)
+		ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
+}
+
+
+SM_STATE(CP, ALLOWED)
+{
+	SM_ENTRY(CP, ALLOWED);
+
+	sm->protect_frames = FALSE;
+	sm->replay_protect = FALSE;
+	sm->validate_frames = Checked;
+
+	sm->port_valid = FALSE;
+	sm->controlled_port_enabled = TRUE;
+
+	secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+	secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
+	secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
+	secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
+}
+
+
+SM_STATE(CP, AUTHENTICATED)
+{
+	SM_ENTRY(CP, AUTHENTICATED);
+
+	sm->protect_frames = FALSE;
+	sm->replay_protect = FALSE;
+	sm->validate_frames = Checked;
+
+	sm->port_valid = FALSE;
+	sm->controlled_port_enabled = TRUE;
+
+	secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+	secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
+	secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
+	secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
+}
+
+
+SM_STATE(CP, SECURED)
+{
+	struct ieee802_1x_cp_conf conf;
+
+	SM_ENTRY(CP, SECURED);
+
+	sm->chgd_server = FALSE;
+
+	ieee802_1x_kay_cp_conf(sm->kay, &conf);
+	sm->protect_frames = conf.protect;
+	sm->replay_protect = conf.replay_protect;
+	sm->validate_frames = conf.validate;
+
+	/* NOTE: now no other than default cipher suiter(AES-GCM-128) */
+	os_memcpy(sm->current_cipher_suite, sm->cipher_suite, CS_ID_LEN);
+	secy_cp_control_current_cipher_suite(sm->kay, sm->current_cipher_suite,
+					     CS_ID_LEN);
+
+	sm->confidentiality_offset = sm->cipher_offset;
+
+	sm->port_valid = TRUE;
+
+	secy_cp_control_confidentiality_offset(sm->kay,
+					       sm->confidentiality_offset);
+	secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
+	secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
+	secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
+}
+
+
+SM_STATE(CP, RECEIVE)
+{
+	SM_ENTRY(CP, RECEIVE);
+	/* RECEIVE state machine not keep with Figure 12-2 in
+	 * IEEE Std 802.1X-2010 */
+	sm->oki = sm->lki;
+	sm->oan = sm->lan;
+	sm->otx = sm->ltx;
+	sm->orx = sm->lrx;
+	ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+				       sm->otx, sm->orx);
+
+	sm->lki = os_malloc(sizeof(*sm->lki));
+	if (!sm->lki) {
+		wpa_printf(MSG_ERROR, "CP-%s: Out of memory", __func__);
+		return;
+	}
+	os_memcpy(sm->lki, &sm->distributed_ki, sizeof(*sm->lki));
+	sm->lan = sm->distributed_an;
+	sm->ltx = FALSE;
+	sm->lrx = FALSE;
+	ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+					  sm->ltx, sm->lrx);
+	ieee802_1x_kay_create_sas(sm->kay, sm->lki);
+	ieee802_1x_kay_enable_rx_sas(sm->kay, sm->lki);
+	sm->new_sak = FALSE;
+	sm->all_receiving = FALSE;
+}
+
+
+SM_STATE(CP, RECEIVING)
+{
+	SM_ENTRY(CP, RECEIVING);
+
+	sm->lrx = TRUE;
+	ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+					  sm->ltx, sm->lrx);
+	sm->transmit_when = sm->transmit_delay;
+	eloop_cancel_timeout(ieee802_1x_cp_transmit_when_timeout, sm, NULL);
+	eloop_register_timeout(sm->transmit_when / 1000, 0,
+			       ieee802_1x_cp_transmit_when_timeout, sm, NULL);
+	/* the electedSelf have been set before CP entering to RECEIVING
+	 * but the CP will transmit from RECEIVING to READY under
+	 * the !electedSelf when KaY is not key server */
+	ieee802_1x_cp_sm_step(sm);
+	sm->using_receive_sas = FALSE;
+	sm->server_transmitting = FALSE;
+}
+
+
+SM_STATE(CP, READY)
+{
+	SM_ENTRY(CP, READY);
+
+	ieee802_1x_kay_enable_new_info(sm->kay);
+}
+
+
+SM_STATE(CP, TRANSMIT)
+{
+	SM_ENTRY(CP, TRANSMIT);
+
+	sm->controlled_port_enabled = TRUE;
+	secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+	sm->ltx = TRUE;
+	ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+					  sm->ltx, sm->lrx);
+	ieee802_1x_kay_enable_tx_sas(sm->kay,  sm->lki);
+	sm->all_receiving = FALSE;
+	sm->server_transmitting = FALSE;
+}
+
+
+SM_STATE(CP, TRANSMITTING)
+{
+	SM_ENTRY(CP, TRANSMITTING);
+	sm->retire_when = sm->orx ? sm->retire_delay : 0;
+	sm->otx = FALSE;
+	ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+				       sm->otx, sm->orx);
+	ieee802_1x_kay_enable_new_info(sm->kay);
+	eloop_cancel_timeout(ieee802_1x_cp_retire_when_timeout, sm, NULL);
+	eloop_register_timeout(sm->retire_when / 1000, 0,
+			       ieee802_1x_cp_retire_when_timeout, sm, NULL);
+	sm->using_transmit_sa = FALSE;
+}
+
+
+SM_STATE(CP, ABANDON)
+{
+	SM_ENTRY(CP, ABANDON);
+	sm->lrx = FALSE;
+	ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+					  sm->ltx, sm->lrx);
+	ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
+
+	os_free(sm->lki);
+	sm->lki = NULL;
+	ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+					  sm->ltx, sm->lrx);
+	sm->new_sak = FALSE;
+}
+
+
+SM_STATE(CP, RETIRE)
+{
+	SM_ENTRY(CP, RETIRE);
+	/* RETIRE state machine not keep with Figure 12-2 in
+	 * IEEE Std 802.1X-2010 */
+	os_free(sm->oki);
+	sm->oki = NULL;
+	sm->orx = FALSE;
+	sm->otx = FALSE;
+	ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+				       sm->otx, sm->orx);
+}
+
+
+/**
+ * CP state machine handler entry
+ */
+SM_STEP(CP)
+{
+	if (!sm->port_enabled)
+		SM_ENTER(CP, INIT);
+
+	switch (sm->CP_state) {
+	case CP_BEGIN:
+		SM_ENTER(CP, INIT);
+		break;
+
+	case CP_INIT:
+		SM_ENTER(CP, CHANGE);
+		break;
+
+	case CP_CHANGE:
+		if (sm->connect == UNAUTHENTICATED)
+			SM_ENTER(CP, ALLOWED);
+		else if (sm->connect == AUTHENTICATED)
+			SM_ENTER(CP, AUTHENTICATED);
+		else if (sm->connect == SECURE)
+			SM_ENTER(CP, SECURED);
+		break;
+
+	case CP_ALLOWED:
+		if (sm->connect != UNAUTHENTICATED)
+			SM_ENTER(CP, CHANGE);
+		break;
+
+	case CP_AUTHENTICATED:
+		if (sm->connect != AUTHENTICATED)
+			SM_ENTER(CP, CHANGE);
+		break;
+
+	case CP_SECURED:
+		if (changed_connect(sm))
+			SM_ENTER(CP, CHANGE);
+		else if (sm->new_sak)
+			SM_ENTER(CP, RECEIVE);
+		break;
+
+	case CP_RECEIVE:
+		if (sm->using_receive_sas)
+			SM_ENTER(CP, RECEIVING);
+		break;
+
+	case CP_RECEIVING:
+		if (sm->new_sak || changed_connect(sm))
+			SM_ENTER(CP, ABANDON);
+		if (!sm->elected_self)
+			SM_ENTER(CP, READY);
+		if (sm->elected_self &&
+		    (sm->all_receiving || !sm->transmit_when))
+			SM_ENTER(CP, TRANSMIT);
+		break;
+
+	case CP_TRANSMIT:
+		if (sm->using_transmit_sa)
+			SM_ENTER(CP, TRANSMITTING);
+		break;
+
+	case CP_TRANSMITTING:
+		if (!sm->retire_when || changed_connect(sm))
+			SM_ENTER(CP, RETIRE);
+		break;
+
+	case CP_RETIRE:
+		if (changed_connect(sm))
+			SM_ENTER(CP, CHANGE);
+		else if (sm->new_sak)
+			SM_ENTER(CP, RECEIVE);
+		break;
+
+	case CP_READY:
+		if (sm->new_sak || changed_connect(sm))
+			SM_ENTER(CP, RECEIVE);
+		if (sm->server_transmitting)
+			SM_ENTER(CP, TRANSMIT);
+		break;
+	case CP_ABANDON:
+		if (changed_connect(sm))
+			SM_ENTER(CP, RETIRE);
+		else if (sm->new_sak)
+			SM_ENTER(CP, RECEIVE);
+		break;
+	default:
+		wpa_printf(MSG_ERROR, "CP: the state machine is not defined");
+		break;
+	}
+}
+
+
+/**
+ * ieee802_1x_cp_sm_init -
+ */
+struct ieee802_1x_cp_sm * ieee802_1x_cp_sm_init(
+	struct ieee802_1x_kay *kay,
+	struct ieee802_1x_cp_conf *pcp_conf)
+{
+	struct ieee802_1x_cp_sm *sm;
+
+	sm = os_zalloc(sizeof(*sm));
+	if (sm == NULL) {
+		wpa_printf(MSG_ERROR, "CP-%s: out of memory", __func__);
+		return NULL;
+	}
+
+	sm->kay = kay;
+
+	sm->port_valid = FALSE;
+
+	sm->chgd_server = FALSE;
+
+	sm->protect_frames = pcp_conf->protect;
+	sm->validate_frames = pcp_conf->validate;
+	sm->replay_protect = pcp_conf->replay_protect;
+	sm->replay_window = pcp_conf->replay_window;
+
+	sm->controlled_port_enabled = FALSE;
+
+	sm->lki = NULL;
+	sm->lrx = FALSE;
+	sm->ltx = FALSE;
+	sm->oki = NULL;
+	sm->orx = FALSE;
+	sm->otx = FALSE;
+
+	sm->cipher_suite = os_zalloc(CS_ID_LEN);
+	sm->current_cipher_suite = os_zalloc(CS_ID_LEN);
+	if (!sm->cipher_suite || !sm->current_cipher_suite) {
+		wpa_printf(MSG_ERROR, "CP-%s: out of memory", __func__);
+		os_free(sm->cipher_suite);
+		os_free(sm->current_cipher_suite);
+		os_free(sm);
+		return NULL;
+	}
+	os_memcpy(sm->current_cipher_suite, default_cs_id, CS_ID_LEN);
+	os_memcpy(sm->cipher_suite, default_cs_id, CS_ID_LEN);
+	sm->cipher_offset = CONFIDENTIALITY_OFFSET_0;
+	sm->confidentiality_offset = sm->cipher_offset;
+	sm->transmit_delay = MKA_LIFE_TIME;
+	sm->retire_delay = MKA_SAK_RETIRE_TIME;
+	sm->CP_state = CP_BEGIN;
+	sm->changed = FALSE;
+	sm->authorization_data = NULL;
+
+	wpa_printf(MSG_DEBUG, "CP: state machine created");
+
+	secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
+	secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
+	secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
+	secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+	secy_cp_control_confidentiality_offset(sm->kay,
+					       sm->confidentiality_offset);
+
+	SM_ENTER(CP, INIT);
+	SM_STEP_RUN(CP);
+
+	return sm;
+}
+
+
+static void ieee802_1x_cp_step_run(struct ieee802_1x_cp_sm *sm)
+{
+	enum cp_states prev_state;
+	int i;
+
+	for (i = 0; i < 100; i++) {
+		prev_state = sm->CP_state;
+		SM_STEP_RUN(CP);
+		if (prev_state == sm->CP_state)
+			break;
+	}
+}
+
+
+static void ieee802_1x_cp_step_cb(void *eloop_ctx, void *timeout_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = eloop_ctx;
+	ieee802_1x_cp_step_run(sm);
+}
+
+
+/**
+ * ieee802_1x_cp_sm_deinit -
+ */
+void ieee802_1x_cp_sm_deinit(struct ieee802_1x_cp_sm *sm)
+{
+	wpa_printf(MSG_DEBUG, "CP: state machine removed");
+	if (!sm)
+		return;
+
+	eloop_cancel_timeout(ieee802_1x_cp_retire_when_timeout, sm, NULL);
+	eloop_cancel_timeout(ieee802_1x_cp_transmit_when_timeout, sm, NULL);
+	eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL);
+	os_free(sm->lki);
+	os_free(sm->oki);
+	os_free(sm->cipher_suite);
+	os_free(sm->current_cipher_suite);
+	os_free(sm->authorization_data);
+	os_free(sm);
+}
+
+
+/**
+ * ieee802_1x_cp_connect_pending
+ */
+void ieee802_1x_cp_connect_pending(void *cp_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+
+	sm->connect = PENDING;
+}
+
+
+/**
+ * ieee802_1x_cp_connect_unauthenticated
+ */
+void ieee802_1x_cp_connect_unauthenticated(void *cp_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = (struct ieee802_1x_cp_sm *)cp_ctx;
+
+	sm->connect = UNAUTHENTICATED;
+}
+
+
+/**
+ * ieee802_1x_cp_connect_authenticated
+ */
+void ieee802_1x_cp_connect_authenticated(void *cp_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+
+	sm->connect = AUTHENTICATED;
+}
+
+
+/**
+ * ieee802_1x_cp_connect_secure
+ */
+void ieee802_1x_cp_connect_secure(void *cp_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+
+	sm->connect = SECURE;
+}
+
+
+/**
+ * ieee802_1x_cp_set_chgdserver -
+ */
+void ieee802_1x_cp_signal_chgdserver(void *cp_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+
+	sm->chgd_server = TRUE;
+}
+
+
+/**
+ * ieee802_1x_cp_set_electedself -
+ */
+void ieee802_1x_cp_set_electedself(void *cp_ctx, Boolean status)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	sm->elected_self = status;
+}
+
+
+/**
+ * ieee802_1x_cp_set_authorizationdata -
+ */
+void ieee802_1x_cp_set_authorizationdata(void *cp_ctx, u8 *pdata, int len)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	os_free(sm->authorization_data);
+	sm->authorization_data = os_zalloc(len);
+	if (sm->authorization_data)
+		os_memcpy(sm->authorization_data, pdata, len);
+}
+
+
+/**
+ * ieee802_1x_cp_set_ciphersuite -
+ */
+void ieee802_1x_cp_set_ciphersuite(void *cp_ctx, void *pid)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	os_memcpy(sm->cipher_suite, pid, CS_ID_LEN);
+}
+
+
+/**
+ * ieee802_1x_cp_set_offset -
+ */
+void ieee802_1x_cp_set_offset(void *cp_ctx, enum confidentiality_offset offset)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	sm->cipher_offset = offset;
+}
+
+
+/**
+ * ieee802_1x_cp_signal_newsak -
+ */
+void ieee802_1x_cp_signal_newsak(void *cp_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	sm->new_sak = TRUE;
+}
+
+
+/**
+ * ieee802_1x_cp_set_distributedki -
+ */
+void ieee802_1x_cp_set_distributedki(void *cp_ctx,
+				     const struct ieee802_1x_mka_ki *dki)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	os_memcpy(&sm->distributed_ki, dki, sizeof(struct ieee802_1x_mka_ki));
+}
+
+
+/**
+ * ieee802_1x_cp_set_distributedan -
+ */
+void ieee802_1x_cp_set_distributedan(void *cp_ctx, u8 an)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	sm->distributed_an = an;
+}
+
+
+/**
+ * ieee802_1x_cp_set_usingreceivesas -
+ */
+void ieee802_1x_cp_set_usingreceivesas(void *cp_ctx, Boolean status)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	sm->using_receive_sas = status;
+}
+
+
+/**
+ * ieee802_1x_cp_set_allreceiving -
+ */
+void ieee802_1x_cp_set_allreceiving(void *cp_ctx, Boolean status)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	sm->all_receiving = status;
+}
+
+
+/**
+ * ieee802_1x_cp_set_servertransmitting -
+ */
+void ieee802_1x_cp_set_servertransmitting(void *cp_ctx, Boolean status)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	sm->server_transmitting = status;
+}
+
+
+/**
+ * ieee802_1x_cp_set_usingtransmitsas -
+ */
+void ieee802_1x_cp_set_usingtransmitas(void *cp_ctx, Boolean status)
+{
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	sm->using_transmit_sa = status;
+}
+
+
+/**
+ * ieee802_1x_cp_sm_step - Advance EAPOL state machines
+ * @sm: EAPOL state machine
+ *
+ * This function is called to advance CP state machines after any change
+ * that could affect their state.
+ */
+void ieee802_1x_cp_sm_step(void *cp_ctx)
+{
+	/*
+	 * Run ieee802_1x_cp_step_run from a registered timeout
+	 * to make sure that other possible timeouts/events are processed
+	 * and to avoid long function call chains.
+	 */
+	struct ieee802_1x_cp_sm *sm = cp_ctx;
+	eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL);
+	eloop_register_timeout(0, 0, ieee802_1x_cp_step_cb, sm, NULL);
+}
+
+
+static void ieee802_1x_cp_retire_when_timeout(void *eloop_ctx,
+					      void *timeout_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = eloop_ctx;
+	sm->retire_when = 0;
+	ieee802_1x_cp_step_run(sm);
+}
+
+
+static void
+ieee802_1x_cp_transmit_when_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+	struct ieee802_1x_cp_sm *sm = eloop_ctx;
+	sm->transmit_when = 0;
+	ieee802_1x_cp_step_run(sm);
+}

src/pae/ieee802_1x_cp.h

@@ -0,0 +1,50 @@
+/*
+ * IEEE Std 802.1X-2010 Controlled Port of PAE state machine - CP state machine
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_CP_H
+#define IEEE802_1X_CP_H
+
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+
+struct ieee802_1x_cp_sm;
+struct ieee802_1x_kay;
+struct ieee802_1x_mka_ki;
+
+struct ieee802_1x_cp_conf {
+	Boolean protect;
+	Boolean replay_protect;
+	enum validate_frames validate;
+	u32 replay_window;
+};
+
+
+struct ieee802_1x_cp_sm *
+ieee802_1x_cp_sm_init(struct ieee802_1x_kay *kay,
+		      struct ieee802_1x_cp_conf *pcp_conf);
+void ieee802_1x_cp_sm_deinit(struct ieee802_1x_cp_sm *sm);
+void ieee802_1x_cp_sm_step(void *cp_ctx);
+void ieee802_1x_cp_connect_pending(void *cp_ctx);
+void ieee802_1x_cp_connect_unauthenticated(void *cp_ctx);
+void ieee802_1x_cp_connect_authenticated(void *cp_ctx);
+void ieee802_1x_cp_connect_secure(void *cp_ctx);
+void ieee802_1x_cp_signal_chgdserver(void *cp_ctx);
+void ieee802_1x_cp_set_electedself(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_authorizationdata(void *cp_ctx, u8 *pdata, int len);
+void ieee802_1x_cp_set_ciphersuite(void *cp_ctx, void *pid);
+void ieee802_1x_cp_set_offset(void *cp_ctx, enum confidentiality_offset offset);
+void ieee802_1x_cp_signal_newsak(void *cp_ctx);
+void ieee802_1x_cp_set_distributedki(void *cp_ctx,
+				     const struct ieee802_1x_mka_ki *dki);
+void ieee802_1x_cp_set_distributedan(void *cp_ctx, u8 an);
+void ieee802_1x_cp_set_usingreceivesas(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_allreceiving(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_servertransmitting(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_usingtransmitas(void *cp_ctx, Boolean status);
+
+#endif /* IEEE802_1X_CP_H */

src/pae/ieee802_1x_kay.c

@@ -0,0 +1,3526 @@
+/*
+ * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <time.h>
+#include "includes.h"
+#include "common.h"
+#include "list.h"
+#include "eloop.h"
+#include "wpabuf.h"
+#include "state_machine.h"
+#include "l2_packet/l2_packet.h"
+#include "common/eapol_common.h"
+#include "crypto/aes_wrap.h"
+#include "ieee802_1x_cp.h"
+#include "ieee802_1x_key.h"
+#include "ieee802_1x_kay.h"
+#include "ieee802_1x_kay_i.h"
+#include "ieee802_1x_secy_ops.h"
+
+
+#define DEFAULT_SA_KEY_LEN	16
+#define DEFAULT_ICV_LEN		16
+#define MAX_ICV_LEN		32  /* 32 bytes, 256 bits */
+
+#define PENDING_PN_EXHAUSTION 0xC0000000
+
+/* IEEE Std 802.1X-2010, Table 9-1 - MKA Algorithm Agility */
+#define MKA_ALGO_AGILITY_2009 { 0x00, 0x80, 0xC2, 0x01 }
+static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009;
+
+/* IEEE802.1AE-2006 Table 14-1 MACsec Cipher Suites */
+static struct macsec_ciphersuite cipher_suite_tbl[] = {
+	/* GCM-AES-128 */
+	{
+		CS_ID_GCM_AES_128,
+		CS_NAME_GCM_AES_128,
+		MACSEC_CAP_INTEG_AND_CONF_0_30_50,
+		16,
+
+		0 /* index */
+	},
+};
+#define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
+#define DEFAULT_CS_INDEX  0
+
+static struct mka_alg mka_alg_tbl[] = {
+	{
+		MKA_ALGO_AGILITY_2009,
+		/* 128-bit CAK, KEK, ICK, ICV */
+		16, 16,	16, 16,
+		ieee802_1x_cak_128bits_aes_cmac,
+		ieee802_1x_ckn_128bits_aes_cmac,
+		ieee802_1x_kek_128bits_aes_cmac,
+		ieee802_1x_ick_128bits_aes_cmac,
+		ieee802_1x_icv_128bits_aes_cmac,
+
+		1, /* index */
+	},
+};
+#define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
+
+
+static int is_ki_equal(struct ieee802_1x_mka_ki *ki1,
+		       struct ieee802_1x_mka_ki *ki2)
+{
+	return os_memcmp(ki1->mi, ki2->mi, MI_LEN) == 0 &&
+		ki1->kn == ki2->kn;
+}
+
+
+struct mka_param_body_handler {
+	int (*body_tx)(struct ieee802_1x_mka_participant *participant,
+		       struct wpabuf *buf);
+	int (*body_rx)(struct ieee802_1x_mka_participant *participant,
+		       const u8 *mka_msg, size_t msg_len);
+	int (*body_length)(struct ieee802_1x_mka_participant *participant);
+	Boolean (*body_present)(struct ieee802_1x_mka_participant *participant);
+};
+
+
+static void set_mka_param_body_len(void *body, unsigned int len)
+{
+	struct ieee802_1x_mka_hdr *hdr = body;
+	hdr->length = (len >> 8) & 0x0f;
+	hdr->length1 = len & 0xff;
+}
+
+
+static unsigned int get_mka_param_body_len(const void *body)
+{
+	const struct ieee802_1x_mka_hdr *hdr = body;
+	return (hdr->length << 8) | hdr->length1;
+}
+
+
+static int get_mka_param_body_type(const void *body)
+{
+	const struct ieee802_1x_mka_hdr *hdr = body;
+	return hdr->type;
+}
+
+
+/**
+ * ieee802_1x_mka_dump_basic_body -
+ */
+static void
+ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body)
+{
+	size_t body_len;
+
+	if (!body)
+		return;
+
+	body_len = get_mka_param_body_len(body);
+	wpa_printf(MSG_DEBUG, "*** MKA Basic Parameter set ***");
+	wpa_printf(MSG_DEBUG, "\tVersion.......: %d", body->version);
+	wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority);
+	wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
+	wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
+	wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capbility);
+	wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+	wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
+		   MAC2STR(body->actor_sci.addr));
+	wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d",
+		   be_to_host16(body->actor_sci.port));
+	wpa_hexdump(MSG_DEBUG, "\tMember Id.....:",
+		    body->actor_mi, sizeof(body->actor_mi));
+	wpa_printf(MSG_DEBUG, "\tMessage Number: %d",
+		   be_to_host32(body->actor_mn));
+	wpa_hexdump(MSG_DEBUG, "\tAlgo Agility..:",
+		    body->algo_agility, sizeof(body->algo_agility));
+	wpa_hexdump_ascii(MSG_DEBUG, "\tCAK Name......:", body->ckn,
+			  body_len + MKA_HDR_LEN - sizeof(*body));
+}
+
+
+/**
+ * ieee802_1x_mka_dump_peer_body -
+ */
+static void
+ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
+{
+	size_t body_len;
+	size_t i;
+	u8 *mi;
+	u32 mn;
+
+	if (body == NULL)
+		return;
+
+	body_len = get_mka_param_body_len(body);
+	if (body->type == MKA_LIVE_PEER_LIST) {
+		wpa_printf(MSG_DEBUG, "*** Live Peer List ***");
+		wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+	} else if (body->type == MKA_POTENTIAL_PEER_LIST) {
+		wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***");
+		wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+	}
+
+	for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) {
+		mi = body->peer + i;
+		os_memcpy(&mn, mi + MI_LEN, sizeof(mn));
+		wpa_hexdump_ascii(MSG_DEBUG, "\tMember Id.....:", mi, MI_LEN);
+		wpa_printf(MSG_DEBUG, "\tMessage Number: %d", be_to_host32(mn));
+	}
+}
+
+
+/**
+ * ieee802_1x_mka_dump_dist_sak_body -
+ */
+static void
+ieee802_1x_mka_dump_dist_sak_body(struct ieee802_1x_mka_dist_sak_body *body)
+{
+	size_t body_len;
+
+	if (body == NULL)
+		return;
+
+	body_len = get_mka_param_body_len(body);
+	wpa_printf(MSG_INFO, "*** Distributed SAK ***");
+	wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan);
+	wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d",
+		   body->confid_offset);
+	wpa_printf(MSG_INFO, "\tBody Length...........: %d", (int) body_len);
+	if (!body_len)
+		return;
+
+	wpa_printf(MSG_INFO, "\tKey Number............: %d",
+		   be_to_host32(body->kn));
+	wpa_hexdump(MSG_INFO, "\tAES Key Wrap of SAK...:", body->sak, 24);
+}
+
+
+static const char * yes_no(int val)
+{
+	return val ? "Yes" : "No";
+}
+
+
+/**
+ * ieee802_1x_mka_dump_sak_use_body -
+ */
+static void
+ieee802_1x_mka_dump_sak_use_body(struct ieee802_1x_mka_sak_use_body *body)
+{
+	int body_len;
+
+	if (body == NULL)
+		return;
+
+	body_len = get_mka_param_body_len(body);
+	wpa_printf(MSG_DEBUG, "*** MACsec SAK Use ***");
+	wpa_printf(MSG_DEBUG, "\tLatest Key AN....: %d", body->lan);
+	wpa_printf(MSG_DEBUG, "\tLatest Key Tx....: %s", yes_no(body->ltx));
+	wpa_printf(MSG_DEBUG, "\tLatest Key Rx....: %s", yes_no(body->lrx));
+	wpa_printf(MSG_DEBUG, "\tOld Key AN....: %d", body->oan);
+	wpa_printf(MSG_DEBUG, "\tOld Key Tx....: %s", yes_no(body->otx));
+	wpa_printf(MSG_DEBUG, "\tOld Key Rx....: %s", yes_no(body->orx));
+	wpa_printf(MSG_DEBUG, "\tPlain Key Tx....: %s", yes_no(body->ptx));
+	wpa_printf(MSG_DEBUG, "\tPlain Key Rx....: %s", yes_no(body->prx));
+	wpa_printf(MSG_DEBUG, "\tDelay Protect....: %s",
+		   yes_no(body->delay_protect));
+	wpa_printf(MSG_DEBUG, "\tBody Length......: %d", body_len);
+	if (!body_len)
+		return;
+
+	wpa_hexdump(MSG_DEBUG, "\tKey Server MI....:",
+		    body->lsrv_mi, sizeof(body->lsrv_mi));
+	wpa_printf(MSG_DEBUG, "\tKey Number.......: %u",
+		   be_to_host32(body->lkn));
+	wpa_printf(MSG_DEBUG, "\tLowest PN........: %u",
+		   be_to_host32(body->llpn));
+	wpa_hexdump_ascii(MSG_DEBUG, "\tOld Key Server MI....:",
+			  body->osrv_mi, sizeof(body->osrv_mi));
+	wpa_printf(MSG_DEBUG, "\tOld Key Number.......: %u",
+		   be_to_host32(body->okn));
+	wpa_printf(MSG_DEBUG, "\tOld Lowest PN........: %u",
+		   be_to_host32(body->olpn));
+}
+
+
+/**
+ * ieee802_1x_kay_get_participant -
+ */
+static struct ieee802_1x_mka_participant *
+ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn)
+{
+	struct ieee802_1x_mka_participant *participant;
+
+	dl_list_for_each(participant, &kay->participant_list,
+			 struct ieee802_1x_mka_participant, list) {
+		if (os_memcmp(participant->ckn.name, ckn,
+			      participant->ckn.len) == 0)
+			return participant;
+	}
+
+	wpa_printf(MSG_DEBUG, "KaY: participant is not found");
+
+	return NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_get_principal_participant -
+ */
+static struct ieee802_1x_mka_participant *
+ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
+{
+	struct ieee802_1x_mka_participant *participant;
+
+	dl_list_for_each(participant, &kay->participant_list,
+			 struct ieee802_1x_mka_participant, list) {
+		if (participant->principal)
+			return participant;
+	}
+
+	wpa_printf(MSG_DEBUG, "KaY: principal participant is not founded");
+	return NULL;
+}
+
+
+static struct ieee802_1x_kay_peer * get_peer_mi(struct dl_list *peers,
+						const u8 *mi)
+{
+	struct ieee802_1x_kay_peer *peer;
+
+	dl_list_for_each(peer, peers, struct ieee802_1x_kay_peer, list) {
+		if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
+			return peer;
+	}
+
+	return NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_is_in_potential_peer
+ */
+static Boolean
+ieee802_1x_kay_is_in_potential_peer(
+	struct ieee802_1x_mka_participant *participant, const u8 *mi)
+{
+	return get_peer_mi(&participant->potential_peers, mi) != NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_is_in_live_peer
+ */
+static Boolean
+ieee802_1x_kay_is_in_live_peer(
+	struct ieee802_1x_mka_participant *participant, const u8 *mi)
+{
+	return get_peer_mi(&participant->live_peers, mi) != NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_is_in_peer
+ */
+static Boolean
+ieee802_1x_kay_is_in_peer(struct ieee802_1x_mka_participant *participant,
+			  const u8 *mi)
+{
+	return ieee802_1x_kay_is_in_live_peer(participant, mi) ||
+		ieee802_1x_kay_is_in_potential_peer(participant, mi);
+}
+
+
+/**
+ * ieee802_1x_kay_get_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
+			const u8 *mi)
+{
+	struct ieee802_1x_kay_peer *peer;
+
+	peer = get_peer_mi(&participant->live_peers, mi);
+	if (peer)
+		return peer;
+
+	return get_peer_mi(&participant->potential_peers, mi);
+}
+
+
+/**
+ * ieee802_1x_kay_get_live_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_get_live_peer(struct ieee802_1x_mka_participant *participant,
+			     const u8 *mi)
+{
+	return get_peer_mi(&participant->live_peers, mi);
+}
+
+
+/**
+ * ieee802_1x_kay_get_cipher_suite
+ */
+static struct macsec_ciphersuite *
+ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
+				u8 *cs_id)
+{
+	unsigned int i;
+
+	for (i = 0; i < CS_TABLE_SIZE; i++) {
+		if (os_memcmp(cipher_suite_tbl[i].id, cs_id, CS_ID_LEN) == 0)
+			break;
+	}
+	if (i >= CS_TABLE_SIZE)
+		return NULL;
+
+	return &cipher_suite_tbl[i];
+}
+
+
+/**
+ * ieee802_1x_kay_get_peer_sci
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_get_peer_sci(struct ieee802_1x_mka_participant *participant,
+			    const struct ieee802_1x_mka_sci *sci)
+{
+	struct ieee802_1x_kay_peer *peer;
+
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
+			return peer;
+	}
+
+	dl_list_for_each(peer, &participant->potential_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
+			return peer;
+	}
+
+	return NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_init_receive_sa -
+ */
+static struct receive_sa *
+ieee802_1x_kay_init_receive_sa(struct receive_sc *psc, u8 an, u32 lowest_pn,
+			       struct data_key *key)
+{
+	struct receive_sa *psa;
+
+	if (!psc || !key)
+		return NULL;
+
+	psa = os_zalloc(sizeof(*psa));
+	if (!psa) {
+		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+		return NULL;
+	}
+
+	psa->pkey = key;
+	psa->lowest_pn = lowest_pn;
+	psa->next_pn = lowest_pn;
+	psa->an = an;
+	psa->sc = psc;
+
+	os_get_time(&psa->created_time);
+	psa->in_use = FALSE;
+
+	dl_list_add(&psc->sa_list, &psa->list);
+	wpa_printf(MSG_DEBUG,
+		   "KaY: Create receive SA(AN: %d lowest_pn: %u of SC(channel: %d)",
+		   (int) an, lowest_pn, psc->channel);
+
+	return psa;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit_receive_sa -
+ */
+static void ieee802_1x_kay_deinit_receive_sa(struct receive_sa *psa)
+{
+	psa->pkey = NULL;
+	wpa_printf(MSG_DEBUG,
+		   "KaY: Delete receive SA(an: %d) of SC(channel: %d)",
+		   psa->an, psa->sc->channel);
+	dl_list_del(&psa->list);
+	os_free(psa);
+}
+
+
+/**
+ * ieee802_1x_kay_init_receive_sc -
+ */
+static struct receive_sc *
+ieee802_1x_kay_init_receive_sc(const struct ieee802_1x_mka_sci *psci,
+			       int channel)
+{
+	struct receive_sc *psc;
+
+	if (!psci)
+		return NULL;
+
+	psc = os_zalloc(sizeof(*psc));
+	if (!psc) {
+		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+		return NULL;
+	}
+
+	os_memcpy(&psc->sci, psci, sizeof(psc->sci));
+	psc->channel = channel;
+
+	os_get_time(&psc->created_time);
+	psc->receiving = FALSE;
+
+	dl_list_init(&psc->sa_list);
+	wpa_printf(MSG_DEBUG, "KaY: Create receive SC(channel: %d)", channel);
+	wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)psci, sizeof(*psci));
+
+	return psc;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit_receive_sc -
+ **/
+static void
+ieee802_1x_kay_deinit_receive_sc(
+	struct ieee802_1x_mka_participant *participant, struct receive_sc *psc)
+{
+	struct receive_sa *psa, *pre_sa;
+
+	wpa_printf(MSG_DEBUG, "KaY: Delete receive SC(channel: %d)",
+		   psc->channel);
+	dl_list_for_each_safe(psa, pre_sa, &psc->sa_list, struct receive_sa,
+			      list)  {
+		secy_disable_receive_sa(participant->kay, psa);
+		ieee802_1x_kay_deinit_receive_sa(psa);
+	}
+	dl_list_del(&psc->list);
+	os_free(psc);
+}
+
+
+/**
+ * ieee802_1x_kay_create_live_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
+				u8 *mi, u32 mn)
+{
+	struct ieee802_1x_kay_peer *peer;
+	struct receive_sc *rxsc;
+	u32 sc_ch = 0;
+
+	peer = os_zalloc(sizeof(*peer));
+	if (peer == NULL) {
+		wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
+		return NULL;
+	}
+
+	os_memcpy(peer->mi, mi, MI_LEN);
+	peer->mn = mn;
+	peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+	peer->sak_used = FALSE;
+	os_memcpy(&peer->sci, &participant->current_peer_sci,
+		  sizeof(peer->sci));
+	dl_list_add(&participant->live_peers, &peer->list);
+
+	secy_get_available_receive_sc(participant->kay, &sc_ch);
+
+	rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
+	if (!rxsc)
+		return NULL;
+
+	dl_list_add(&participant->rxsc_list, &rxsc->list);
+	secy_create_receive_sc(participant->kay, rxsc);
+
+	wpa_printf(MSG_DEBUG, "KaY: Live peer created");
+	wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
+	wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+	wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
+	wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
+
+	return peer;
+}
+
+
+/**
+ * ieee802_1x_kay_create_potential_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_create_potential_peer(
+	struct ieee802_1x_mka_participant *participant, const u8 *mi, u32 mn)
+{
+	struct ieee802_1x_kay_peer *peer;
+
+	peer = os_zalloc(sizeof(*peer));
+	if (peer == NULL) {
+		wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
+		return NULL;
+	}
+
+	os_memcpy(peer->mi, mi, MI_LEN);
+	peer->mn = mn;
+	peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+	peer->sak_used = FALSE;
+
+	dl_list_add(&participant->potential_peers, &peer->list);
+
+	wpa_printf(MSG_DEBUG, "KaY: potential peer created");
+	wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
+	wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+	wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
+	wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
+
+	return peer;
+}
+
+
+/**
+ * ieee802_1x_kay_move_live_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
+			      u8 *mi, u32 mn)
+{
+	struct ieee802_1x_kay_peer *peer;
+	struct receive_sc *rxsc;
+	u32 sc_ch = 0;
+
+	dl_list_for_each(peer, &participant->potential_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
+			break;
+	}
+
+	os_memcpy(&peer->sci, &participant->current_peer_sci,
+		  sizeof(peer->sci));
+	peer->mn = mn;
+	peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+
+	wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer");
+	wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
+	wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+	wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
+	wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
+
+	dl_list_del(&peer->list);
+	dl_list_add_tail(&participant->live_peers, &peer->list);
+
+	secy_get_available_receive_sc(participant->kay, &sc_ch);
+
+	rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
+	if (!rxsc)
+		return NULL;
+
+	dl_list_add(&participant->rxsc_list, &rxsc->list);
+	secy_create_receive_sc(participant->kay, rxsc);
+
+	return peer;
+}
+
+
+
+/**
+ *  ieee802_1x_mka_basic_body_present -
+ */
+static Boolean
+ieee802_1x_mka_basic_body_present(
+	struct ieee802_1x_mka_participant *participant)
+{
+	return TRUE;
+}
+
+
+/**
+ * ieee802_1x_mka_basic_body_length -
+ */
+static int
+ieee802_1x_mka_basic_body_length(struct ieee802_1x_mka_participant *participant)
+{
+	int length;
+
+	length = sizeof(struct ieee802_1x_mka_basic_body);
+	length += participant->ckn.len;
+	return (length + 0x3) & ~0x3;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_basic_body
+ */
+static int
+ieee802_1x_mka_encode_basic_body(
+	struct ieee802_1x_mka_participant *participant,
+	struct wpabuf *buf)
+{
+	struct ieee802_1x_mka_basic_body *body;
+	struct ieee802_1x_kay *kay = participant->kay;
+	unsigned int length = ieee802_1x_mka_basic_body_length(participant);
+
+	body = wpabuf_put(buf, length);
+
+	body->version = kay->mka_version;
+	body->priority = kay->actor_priority;
+	if (participant->is_elected)
+		body->key_server = participant->is_key_server;
+	else
+		body->key_server = participant->can_be_key_server;
+
+	body->macsec_desired = kay->macsec_desired;
+	body->macsec_capbility = kay->macsec_capable;
+	set_mka_param_body_len(body, length - MKA_HDR_LEN);
+
+	os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
+		  sizeof(kay->actor_sci.addr));
+	body->actor_sci.port = host_to_be16(kay->actor_sci.port);
+
+	os_memcpy(body->actor_mi, participant->mi, sizeof(body->actor_mi));
+	participant->mn = participant->mn + 1;
+	body->actor_mn = host_to_be32(participant->mn);
+	os_memcpy(body->algo_agility, participant->kay->algo_agility,
+		  sizeof(body->algo_agility));
+
+	os_memcpy(body->ckn, participant->ckn.name, participant->ckn.len);
+
+	ieee802_1x_mka_dump_basic_body(body);
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_basic_body -
+ */
+static struct ieee802_1x_mka_participant *
+ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
+				 size_t msg_len)
+{
+	struct ieee802_1x_mka_participant *participant;
+	const struct ieee802_1x_mka_basic_body *body;
+	struct ieee802_1x_kay_peer *peer;
+
+	body = (const struct ieee802_1x_mka_basic_body *) mka_msg;
+
+	if (body->version > MKA_VERSION_ID) {
+		wpa_printf(MSG_DEBUG,
+			   "KaY: peer's version(%d) greater than mka current version(%d)",
+			   body->version, MKA_VERSION_ID);
+	}
+	if (kay->is_obliged_key_server && body->key_server) {
+		wpa_printf(MSG_DEBUG, "I must be as key server");
+		return NULL;
+	}
+
+	participant = ieee802_1x_kay_get_participant(kay, body->ckn);
+	if (!participant) {
+		wpa_printf(MSG_DEBUG, "Peer is not included in my CA");
+		return NULL;
+	}
+
+	/* If the peer's MI is my MI, I will choose new MI */
+	if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
+		os_get_random(participant->mi, sizeof(participant->mi));
+		participant->mn = 0;
+	}
+
+	os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN);
+	participant->current_peer_id.mn =  be_to_host32(body->actor_mn);
+	os_memcpy(participant->current_peer_sci.addr, body->actor_sci.addr,
+		  sizeof(participant->current_peer_sci.addr));
+	participant->current_peer_sci.port = be_to_host16(body->actor_sci.port);
+
+	/* handler peer */
+	peer = ieee802_1x_kay_get_peer(participant, body->actor_mi);
+	if (!peer) {
+		/* Check duplicated SCI */
+		/* TODO: What policy should be applied to detect duplicated SCI
+		 * is active attacker or a valid peer whose MI is be changed?
+		 */
+		peer = ieee802_1x_kay_get_peer_sci(participant,
+						   &body->actor_sci);
+		if (peer) {
+			wpa_printf(MSG_WARNING,
+				   "KaY: duplicated SCI detected, Maybe active attacker");
+			dl_list_del(&peer->list);
+			os_free(peer);
+		}
+
+		peer = ieee802_1x_kay_create_potential_peer(
+			participant, body->actor_mi,
+			be_to_host32(body->actor_mn));
+		if (!peer)
+			return NULL;
+
+		peer->macsec_desired = body->macsec_desired;
+		peer->macsec_capbility = body->macsec_capbility;
+		peer->is_key_server = (Boolean) body->key_server;
+		peer->key_server_priority = body->priority;
+	} else if (peer->mn < be_to_host32(body->actor_mn)) {
+		peer->mn = be_to_host32(body->actor_mn);
+		peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+		peer->macsec_desired = body->macsec_desired;
+		peer->macsec_capbility = body->macsec_capbility;
+		peer->is_key_server = (Boolean) body->key_server;
+		peer->key_server_priority = body->priority;
+	} else {
+		wpa_printf(MSG_WARNING, "KaY: The peer MN have received");
+		return NULL;
+	}
+
+	return participant;
+}
+
+
+/**
+ * ieee802_1x_mka_live_peer_body_present
+ */
+static Boolean
+ieee802_1x_mka_live_peer_body_present(
+	struct ieee802_1x_mka_participant *participant)
+{
+	return !dl_list_empty(&participant->live_peers);
+}
+
+
+/**
+ * ieee802_1x_kay_get_live_peer_length
+ */
+static int
+ieee802_1x_mka_get_live_peer_length(
+	struct ieee802_1x_mka_participant *participant)
+{
+	int len = MKA_HDR_LEN;
+	struct ieee802_1x_kay_peer *peer;
+
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list)
+		len += sizeof(struct ieee802_1x_mka_peer_id);
+
+	return (len + 0x3) & ~0x3;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_live_peer_body -
+ */
+static int
+ieee802_1x_mka_encode_live_peer_body(
+	struct ieee802_1x_mka_participant *participant,
+	struct wpabuf *buf)
+{
+	struct ieee802_1x_mka_peer_body *body;
+	struct ieee802_1x_kay_peer *peer;
+	unsigned int length;
+	struct ieee802_1x_mka_peer_id *body_peer;
+
+	length = ieee802_1x_mka_get_live_peer_length(participant);
+	body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
+
+	body->type = MKA_LIVE_PEER_LIST;
+	set_mka_param_body_len(body, length - MKA_HDR_LEN);
+
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		body_peer = wpabuf_put(buf,
+				       sizeof(struct ieee802_1x_mka_peer_id));
+		os_memcpy(body_peer->mi, peer->mi, MI_LEN);
+		body_peer->mn = host_to_be32(peer->mn);
+		body_peer++;
+	}
+
+	ieee802_1x_mka_dump_peer_body(body);
+	return 0;
+}
+
+/**
+ * ieee802_1x_mka_potential_peer_body_present
+ */
+static Boolean
+ieee802_1x_mka_potential_peer_body_present(
+	struct ieee802_1x_mka_participant *participant)
+{
+	return !dl_list_empty(&participant->potential_peers);
+}
+
+
+/**
+ * ieee802_1x_kay_get_potential_peer_length
+ */
+static int
+ieee802_1x_mka_get_potential_peer_length(
+	struct ieee802_1x_mka_participant *participant)
+{
+	int len = MKA_HDR_LEN;
+	struct ieee802_1x_kay_peer *peer;
+
+	dl_list_for_each(peer, &participant->potential_peers,
+			 struct ieee802_1x_kay_peer, list)
+		len += sizeof(struct ieee802_1x_mka_peer_id);
+
+	return (len + 0x3) & ~0x3;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_potential_peer_body -
+ */
+static int
+ieee802_1x_mka_encode_potential_peer_body(
+	struct ieee802_1x_mka_participant *participant,
+	struct wpabuf *buf)
+{
+	struct ieee802_1x_mka_peer_body *body;
+	struct ieee802_1x_kay_peer *peer;
+	unsigned int length;
+	struct ieee802_1x_mka_peer_id *body_peer;
+
+	length = ieee802_1x_mka_get_potential_peer_length(participant);
+	body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
+
+	body->type = MKA_POTENTIAL_PEER_LIST;
+	set_mka_param_body_len(body, length - MKA_HDR_LEN);
+
+	dl_list_for_each(peer, &participant->potential_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		body_peer = wpabuf_put(buf,
+				       sizeof(struct ieee802_1x_mka_peer_id));
+		os_memcpy(body_peer->mi, peer->mi, MI_LEN);
+		body_peer->mn = host_to_be32(peer->mn);
+		body_peer++;
+	}
+
+	ieee802_1x_mka_dump_peer_body(body);
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_i_in_peerlist -
+ */
+static Boolean
+ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
+			     const u8 *mka_msg, size_t msg_len)
+{
+	Boolean included = FALSE;
+	struct ieee802_1x_mka_hdr *hdr;
+	size_t body_len;
+	size_t left_len;
+	int body_type;
+	u32 peer_mn;
+	const u8 *peer_mi;
+	const u8 *pos;
+	size_t i;
+
+	pos = mka_msg;
+	left_len = msg_len;
+	while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
+		hdr = (struct ieee802_1x_mka_hdr *) pos;
+		body_len = get_mka_param_body_len(hdr);
+		body_type = get_mka_param_body_type(hdr);
+
+		if (body_type != MKA_LIVE_PEER_LIST &&
+		    body_type != MKA_POTENTIAL_PEER_LIST)
+			goto SKIP_PEER;
+
+		ieee802_1x_mka_dump_peer_body(
+			(struct ieee802_1x_mka_peer_body *)pos);
+
+		if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
+			wpa_printf(MSG_ERROR,
+				   "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
+				   (int) left_len, (int) MKA_HDR_LEN,
+				   (int) body_len, DEFAULT_ICV_LEN);
+			goto SKIP_PEER;
+		}
+
+		if ((body_len % 16) != 0) {
+			wpa_printf(MSG_ERROR,
+				   "KaY: MKA Peer Packet Body Length (%d bytes) should multiple of 16 octets",
+				   (int) body_len);
+			goto SKIP_PEER;
+		}
+
+		for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
+			peer_mi = MKA_HDR_LEN + pos + i;
+			os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
+			peer_mn = be_to_host32(peer_mn);
+			if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 &&
+			    peer_mn == participant->mn) {
+				included = TRUE;
+				break;
+			}
+		}
+
+		if (included)
+			return TRUE;
+
+SKIP_PEER:
+		left_len -= body_len + MKA_HDR_LEN;
+		pos += body_len + MKA_HDR_LEN;
+	}
+
+	return FALSE;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_live_peer_body -
+ */
+static int ieee802_1x_mka_decode_live_peer_body(
+	struct ieee802_1x_mka_participant *participant,
+	const u8 *peer_msg, size_t msg_len)
+{
+	const struct ieee802_1x_mka_hdr *hdr;
+	struct ieee802_1x_kay_peer *peer;
+	size_t body_len;
+	u32 peer_mn;
+	const u8 *peer_mi;
+	size_t i;
+	Boolean is_included;
+
+	is_included = ieee802_1x_kay_is_in_live_peer(
+		participant, participant->current_peer_id.mi);
+
+	hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
+	body_len = get_mka_param_body_len(hdr);
+
+	for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
+		peer_mi = MKA_HDR_LEN + peer_msg + i;
+		os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
+		peer_mn = be_to_host32(peer_mn);
+
+		/* it is myself */
+		if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
+			/* My message id is used by other participant */
+			if (peer_mn > participant->mn) {
+				os_get_random(participant->mi,
+					      sizeof(participant->mi));
+				participant->mn = 0;
+			}
+			continue;
+		}
+		if (!is_included)
+			continue;
+
+		peer = ieee802_1x_kay_get_peer(participant, peer_mi);
+		if (NULL != peer) {
+			peer->mn = peer_mn;
+			peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+		} else {
+			if (!ieee802_1x_kay_create_potential_peer(
+				participant, peer_mi, peer_mn)) {
+				return -1;
+			}
+		}
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_potential_peer_body -
+ */
+static int
+ieee802_1x_mka_decode_potential_peer_body(
+	struct ieee802_1x_mka_participant *participant,
+	const u8 *peer_msg, size_t msg_len)
+{
+	struct ieee802_1x_mka_hdr *hdr;
+	size_t body_len;
+	u32 peer_mn;
+	const u8 *peer_mi;
+	size_t i;
+
+	hdr = (struct ieee802_1x_mka_hdr *) peer_msg;
+	body_len = get_mka_param_body_len(hdr);
+
+	for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
+		peer_mi = MKA_HDR_LEN + peer_msg + i;
+		os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
+		peer_mn = be_to_host32(peer_mn);
+
+		/* it is myself */
+		if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
+			/* My message id is used by other participant */
+			if (peer_mn > participant->mn) {
+				os_get_random(participant->mi,
+					      sizeof(participant->mi));
+				participant->mn = 0;
+			}
+			continue;
+		}
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_sak_use_body_present
+ */
+static Boolean
+ieee802_1x_mka_sak_use_body_present(
+	struct ieee802_1x_mka_participant *participant)
+{
+	if (participant->to_use_sak)
+		return TRUE;
+	else
+		return FALSE;
+}
+
+
+/**
+ * ieee802_1x_mka_get_sak_use_length
+ */
+static int
+ieee802_1x_mka_get_sak_use_length(
+	struct ieee802_1x_mka_participant *participant)
+{
+	int length = MKA_HDR_LEN;
+
+	if (participant->kay->macsec_desired && participant->advised_desired)
+		length = sizeof(struct ieee802_1x_mka_sak_use_body);
+	else
+		length = MKA_HDR_LEN;
+
+	length = (length + 0x3) & ~0x3;
+
+	return length;
+}
+
+
+/**
+ *
+ */
+static u32
+ieee802_1x_mka_get_lpn(struct ieee802_1x_mka_participant *principal,
+		       struct ieee802_1x_mka_ki *ki)
+{
+	struct receive_sa *rxsa;
+	struct receive_sc *rxsc;
+	u32 lpn = 0;
+
+	dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+		dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
+		{
+			if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
+				secy_get_receive_lowest_pn(principal->kay,
+							   rxsa);
+
+				lpn = lpn > rxsa->lowest_pn ?
+					lpn : rxsa->lowest_pn;
+				break;
+			}
+		}
+	}
+
+	if (lpn == 0)
+		lpn = 1;
+
+	return lpn;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_sak_use_body -
+ */
+static int
+ieee802_1x_mka_encode_sak_use_body(
+	struct ieee802_1x_mka_participant *participant,
+	struct wpabuf *buf)
+{
+	struct ieee802_1x_mka_sak_use_body *body;
+	unsigned int length;
+	u32 pn = 1;
+
+	length = ieee802_1x_mka_get_sak_use_length(participant);
+	body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_sak_use_body));
+
+	body->type = MKA_SAK_USE;
+	set_mka_param_body_len(body, length - MKA_HDR_LEN);
+
+	if (length == MKA_HDR_LEN) {
+		body->ptx = TRUE;
+		body->prx = TRUE;
+		body->lan = 0;
+		body->lrx = FALSE;
+		body->ltx = FALSE;
+		body->delay_protect = FALSE;
+		return 0;
+	}
+
+	/* data protect, lowest accept packet number */
+	body->delay_protect = participant->kay->macsec_replay_protect;
+	pn = ieee802_1x_mka_get_lpn(participant, &participant->lki);
+	if (pn > participant->kay->pn_exhaustion) {
+		wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion");
+		if (participant->is_key_server)
+			participant->new_sak = TRUE;
+	}
+
+	body->llpn = host_to_be32(pn);
+	pn = ieee802_1x_mka_get_lpn(participant, &participant->oki);
+	body->olpn = host_to_be32(pn);
+
+	/* plain tx, plain rx */
+	if (participant->kay->macsec_protect)
+		body->ptx = FALSE;
+	else
+		body->ptx = TRUE;
+
+	if (participant->kay->macsec_validate == Strict)
+		body->prx = FALSE;
+	else
+		body->prx = TRUE;
+
+	/* latest key: rx, tx, key server member identifier key number */
+	body->lan = participant->lan;
+	os_memcpy(body->lsrv_mi, participant->lki.mi,
+		  sizeof(body->lsrv_mi));
+	body->lkn = host_to_be32(participant->lki.kn);
+	body->lrx = participant->lrx;
+	body->ltx = participant->ltx;
+
+	/* old key: rx, tx, key server member identifier key number */
+	body->oan = participant->oan;
+	if (participant->oki.kn != participant->lki.kn &&
+	    participant->oki.kn != 0) {
+		body->otx = TRUE;
+		body->orx = TRUE;
+		os_memcpy(body->osrv_mi, participant->oki.mi,
+			  sizeof(body->osrv_mi));
+		body->okn = host_to_be32(participant->oki.kn);
+	} else {
+		body->otx = FALSE;
+		body->orx = FALSE;
+	}
+
+	/* set CP's variable */
+	if (body->ltx) {
+		if (!participant->kay->tx_enable)
+			participant->kay->tx_enable = TRUE;
+
+		if (!participant->kay->port_enable)
+			participant->kay->port_enable = TRUE;
+	}
+	if (body->lrx) {
+		if (!participant->kay->rx_enable)
+			participant->kay->rx_enable = TRUE;
+	}
+
+	ieee802_1x_mka_dump_sak_use_body(body);
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_sak_use_body -
+ */
+static int
+ieee802_1x_mka_decode_sak_use_body(
+	struct ieee802_1x_mka_participant *participant,
+	const u8 *mka_msg, size_t msg_len)
+{
+	struct ieee802_1x_mka_hdr *hdr;
+	struct ieee802_1x_mka_sak_use_body *body;
+	struct ieee802_1x_kay_peer *peer;
+	struct transmit_sa *txsa;
+	struct data_key *sa_key = NULL;
+	size_t body_len;
+	struct ieee802_1x_mka_ki ki;
+	u32 lpn;
+	Boolean all_receiving;
+	Boolean founded;
+
+	if (!participant->principal) {
+		wpa_printf(MSG_WARNING, "KaY: Participant is not principal");
+		return -1;
+	}
+	peer = ieee802_1x_kay_get_live_peer(participant,
+					    participant->current_peer_id.mi);
+	if (!peer) {
+		wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer");
+		return -1;
+	}
+
+	hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
+	body_len = get_mka_param_body_len(hdr);
+	body = (struct ieee802_1x_mka_sak_use_body *) mka_msg;
+	ieee802_1x_mka_dump_sak_use_body(body);
+
+	if ((body_len != 0) && (body_len < 40)) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 40, or more octets",
+			   (int) body_len);
+		return -1;
+	}
+
+	/* TODO: what action should I take when peer does not support MACsec */
+	if (body_len == 0) {
+		wpa_printf(MSG_WARNING, "KaY: Peer does not support MACsec");
+		return 0;
+	}
+
+	/* TODO: when the plain tx or rx of peer is true, should I change
+	 * the attribute of controlled port
+	 */
+	if (body->prx)
+		wpa_printf(MSG_WARNING, "KaY: peer's plain rx are TRUE");
+
+	if (body->ptx)
+		wpa_printf(MSG_WARNING, "KaY: peer's plain tx are TRUE");
+
+	/* check latest key is valid */
+	if (body->ltx || body->lrx) {
+		founded = FALSE;
+		os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
+		ki.kn = ntohl(body->lkn);
+		dl_list_for_each(sa_key, &participant->sak_list,
+				 struct data_key, list) {
+			if (is_ki_equal(&sa_key->key_identifier, &ki)) {
+				founded = TRUE;
+				break;
+			}
+		}
+		if (!founded) {
+			wpa_printf(MSG_WARNING, "KaY: Latest key is invalid");
+			return -1;
+		}
+		if (os_memcmp(participant->lki.mi, body->lsrv_mi,
+			      sizeof(participant->lki.mi)) == 0 &&
+		    ntohl(body->lkn) == participant->lki.kn &&
+		    body->lan == participant->lan) {
+			peer->sak_used = TRUE;
+		}
+		if (body->ltx && peer->is_key_server) {
+			ieee802_1x_cp_set_servertransmitting(
+				participant->kay->cp, TRUE);
+			ieee802_1x_cp_sm_step(participant->kay->cp);
+		}
+	}
+
+	/* check old key is valid */
+	if (body->otx || body->orx) {
+		if (os_memcmp(participant->oki.mi, body->osrv_mi,
+			      sizeof(participant->oki.mi)) != 0 ||
+		    ntohl(body->okn) != participant->oki.kn ||
+		    body->oan != participant->oan) {
+			wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
+			return -1;
+		}
+	}
+
+	/* TODO: how to set the MACsec hardware when delay_protect is true */
+	if (body->delay_protect && (!ntohl(body->llpn) || !ntohl(body->olpn))) {
+		wpa_printf(MSG_WARNING,
+			   "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
+		return -1;
+	}
+
+	/* check all live peer have used the sak for receiving sa */
+	all_receiving = TRUE;
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		if (!peer->sak_used) {
+			all_receiving = FALSE;
+			break;
+		}
+	}
+	if (all_receiving) {
+		participant->to_dist_sak = FALSE;
+		ieee802_1x_cp_set_allreceiving(participant->kay->cp, TRUE);
+		ieee802_1x_cp_sm_step(participant->kay->cp);
+	}
+
+	/* if i'm key server, and detects peer member pn exhaustion, rekey.*/
+	lpn = ntohl(body->llpn);
+	if (lpn > participant->kay->pn_exhaustion) {
+		if (participant->is_key_server) {
+			participant->new_sak = TRUE;
+			wpa_printf(MSG_WARNING, "KaY: Peer LPN exhaustion");
+		}
+	}
+
+	founded = FALSE;
+	dl_list_for_each(txsa, &participant->txsc->sa_list,
+			 struct transmit_sa, list) {
+		if (sa_key != NULL && txsa->pkey == sa_key) {
+			founded = TRUE;
+			break;
+		}
+	}
+	if (!founded) {
+		wpa_printf(MSG_WARNING, "KaY: Can't find txsa");
+		return -1;
+	}
+
+	/* FIXME: Secy creates txsa with default npn. If MKA detected Latest Key
+	 * npn is larger than txsa's npn, set it to txsa.
+	 */
+	secy_get_transmit_next_pn(participant->kay, txsa);
+	if (lpn > txsa->next_pn) {
+		secy_set_transmit_next_pn(participant->kay, txsa);
+		wpa_printf(MSG_INFO, "KaY: update lpn =0x%x", lpn);
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_dist_sak_body_present
+ */
+static Boolean
+ieee802_1x_mka_dist_sak_body_present(
+	struct ieee802_1x_mka_participant *participant)
+{
+	if (!participant->to_dist_sak || !participant->new_key)
+		return FALSE;
+
+	return TRUE;
+}
+
+
+/**
+ * ieee802_1x_kay_get_dist_sak_length
+ */
+static int
+ieee802_1x_mka_get_dist_sak_length(
+	struct ieee802_1x_mka_participant *participant)
+{
+	int length;
+	int cs_index = participant->kay->macsec_csindex;
+
+	if (participant->advised_desired) {
+		length = sizeof(struct ieee802_1x_mka_dist_sak_body);
+		if (cs_index != DEFAULT_CS_INDEX)
+			length += CS_ID_LEN;
+
+		length += cipher_suite_tbl[cs_index].sak_len + 8;
+	} else {
+		length = MKA_HDR_LEN;
+	}
+	length = (length + 0x3) & ~0x3;
+
+	return length;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_dist_sak_body -
+ */
+static int
+ieee802_1x_mka_encode_dist_sak_body(
+	struct ieee802_1x_mka_participant *participant,
+	struct wpabuf *buf)
+{
+	struct ieee802_1x_mka_dist_sak_body *body;
+	struct data_key *sak;
+	unsigned int length;
+	int cs_index;
+	int sak_pos;
+
+	length = ieee802_1x_mka_get_dist_sak_length(participant);
+	body = wpabuf_put(buf, length);
+	body->type = MKA_DISTRIBUTED_SAK;
+	set_mka_param_body_len(body, length - MKA_HDR_LEN);
+	if (length == MKA_HDR_LEN) {
+		body->confid_offset = 0;
+		body->dan = 0;
+		return 0;
+	}
+
+	sak = participant->new_key;
+	body->confid_offset = sak->confidentiality_offset;
+	body->dan = sak->an;
+	body->kn = host_to_be32(sak->key_identifier.kn);
+	cs_index = participant->kay->macsec_csindex;
+	sak_pos = 0;
+	if (cs_index != DEFAULT_CS_INDEX) {
+		os_memcpy(body->sak, cipher_suite_tbl[cs_index].id, CS_ID_LEN);
+		sak_pos = CS_ID_LEN;
+	}
+	if (aes_wrap(participant->kek.key,
+		     cipher_suite_tbl[cs_index].sak_len / 8,
+		     sak->key, body->sak + sak_pos)) {
+		wpa_printf(MSG_ERROR, "KaY: AES wrap failed");
+		return -1;
+	}
+
+	ieee802_1x_mka_dump_dist_sak_body(body);
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_init_data_key -
+ */
+static struct data_key *
+ieee802_1x_kay_init_data_key(const struct key_conf *conf)
+{
+	struct data_key *pkey;
+
+	if (!conf)
+		return NULL;
+
+	pkey = os_zalloc(sizeof(*pkey));
+	if (pkey == NULL) {
+		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+		return NULL;
+	}
+
+	pkey->key = os_zalloc(conf->key_len);
+	if (pkey->key == NULL) {
+		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+		os_free(pkey);
+		return NULL;
+	}
+
+	os_memcpy(pkey->key, conf->key, conf->key_len);
+	os_memcpy(&pkey->key_identifier, &conf->ki,
+		  sizeof(pkey->key_identifier));
+	pkey->confidentiality_offset = conf->offset;
+	pkey->an = conf->an;
+	pkey->transmits = conf->tx;
+	pkey->receives = conf->rx;
+	os_get_time(&pkey->created_time);
+
+	pkey->user = 1;
+
+	return pkey;
+}
+
+
+/**
+ * ieee802_1x_kay_decode_dist_sak_body -
+ */
+static int
+ieee802_1x_mka_decode_dist_sak_body(
+	struct ieee802_1x_mka_participant *participant,
+	const u8 *mka_msg, size_t msg_len)
+{
+	struct ieee802_1x_mka_hdr *hdr;
+	struct ieee802_1x_mka_dist_sak_body *body;
+	struct ieee802_1x_kay_peer *peer;
+	struct macsec_ciphersuite *cs;
+	size_t body_len;
+	struct key_conf *conf;
+	struct data_key *sa_key = NULL;
+	struct ieee802_1x_mka_ki sak_ki;
+	int sak_len;
+	u8 *wrap_sak;
+	u8 *unwrap_sak;
+
+	hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
+	body_len = get_mka_param_body_len(hdr);
+	if ((body_len != 0) && (body_len != 28) && (body_len < 36)) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 28, 36, or more octets",
+			   (int) body_len);
+		return -1;
+	}
+
+	if (!participant->principal) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: I can't accept the distributed SAK as I am not principal");
+		return -1;
+	}
+	if (participant->is_key_server) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: I can't accept the distributed SAK as myself is key server ");
+		return -1;
+	}
+	if (!participant->kay->macsec_desired ||
+	    participant->kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: I am not MACsec-desired or without MACsec capable");
+		return -1;
+	}
+
+	peer = ieee802_1x_kay_get_live_peer(participant,
+					    participant->current_peer_id.mi);
+	if (!peer) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: The key server is not in my live peers list");
+		return -1;
+	}
+	if (os_memcmp(&participant->kay->key_server_sci,
+		      &peer->sci, sizeof(struct ieee802_1x_mka_sci)) != 0) {
+		wpa_printf(MSG_ERROR, "KaY: The key server is not elected");
+		return -1;
+	}
+	if (body_len == 0) {
+		participant->kay->authenticated = TRUE;
+		participant->kay->secured = FALSE;
+		participant->kay->failed = FALSE;
+		participant->advised_desired = FALSE;
+		ieee802_1x_cp_connect_authenticated(participant->kay->cp);
+		ieee802_1x_cp_sm_step(participant->kay->cp);
+		wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
+		participant->to_use_sak = TRUE;
+		return 0;
+	}
+	participant->advised_desired = TRUE;
+	participant->kay->authenticated = FALSE;
+	participant->kay->secured = TRUE;
+	participant->kay->failed = FALSE;
+	ieee802_1x_cp_connect_secure(participant->kay->cp);
+	ieee802_1x_cp_sm_step(participant->kay->cp);
+
+	body = (struct ieee802_1x_mka_dist_sak_body *)mka_msg;
+	ieee802_1x_mka_dump_dist_sak_body(body);
+	dl_list_for_each(sa_key, &participant->sak_list, struct data_key, list)
+	{
+		if (os_memcmp(sa_key->key_identifier.mi,
+			      participant->current_peer_id.mi, MI_LEN) == 0 &&
+		    sa_key->key_identifier.kn == be_to_host32(body->kn)) {
+			wpa_printf(MSG_WARNING, "KaY:The Key has installed");
+			return 0;
+		}
+	}
+	if (body_len == 28) {
+		sak_len = DEFAULT_SA_KEY_LEN;
+		wrap_sak =  body->sak;
+		participant->kay->macsec_csindex = DEFAULT_CS_INDEX;
+	} else {
+		cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
+		if (!cs) {
+			wpa_printf(MSG_ERROR,
+				   "KaY: I can't support the Cipher Suite advised by key server");
+			return -1;
+		}
+		sak_len = cs->sak_len;
+		wrap_sak = body->sak + CS_ID_LEN;
+		participant->kay->macsec_csindex = cs->index;
+	}
+
+	unwrap_sak = os_zalloc(sak_len);
+	if (!unwrap_sak) {
+		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+		return -1;
+	}
+	if (aes_unwrap(participant->kek.key, sak_len >> 3, wrap_sak,
+		       unwrap_sak)) {
+		wpa_printf(MSG_ERROR, "KaY: AES unwrap failed");
+		os_free(unwrap_sak);
+		return -1;
+	}
+	wpa_hexdump(MSG_DEBUG, "\tAES Key Unwrap of SAK:", unwrap_sak, sak_len);
+
+	conf = os_zalloc(sizeof(*conf));
+	if (!conf) {
+		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+		os_free(unwrap_sak);
+		return -1;
+	}
+	conf->key_len = sak_len;
+
+	conf->key = os_zalloc(conf->key_len);
+	if (!conf->key) {
+		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+		os_free(unwrap_sak);
+		os_free(conf);
+		return -1;
+	}
+
+	os_memcpy(conf->key, unwrap_sak, conf->key_len);
+
+	os_memcpy(&sak_ki.mi, &participant->current_peer_id.mi,
+		  sizeof(sak_ki.mi));
+	sak_ki.kn = be_to_host32(body->kn);
+
+	os_memcpy(conf->ki.mi, sak_ki.mi, MI_LEN);
+	conf->ki.kn = sak_ki.kn;
+	conf->an = body->dan;
+	conf->offset = body->confid_offset;
+	conf->rx = TRUE;
+	conf->tx = TRUE;
+
+	sa_key = ieee802_1x_kay_init_data_key(conf);
+	if (!sa_key) {
+		os_free(unwrap_sak);
+		os_free(conf->key);
+		os_free(conf);
+		return -1;
+	}
+
+	dl_list_add(&participant->sak_list, &sa_key->list);
+
+	ieee802_1x_cp_set_ciphersuite(
+		participant->kay->cp,
+		cipher_suite_tbl[participant->kay->macsec_csindex].id);
+	ieee802_1x_cp_sm_step(participant->kay->cp);
+	ieee802_1x_cp_set_offset(participant->kay->cp, body->confid_offset);
+	ieee802_1x_cp_sm_step(participant->kay->cp);
+	ieee802_1x_cp_set_distributedki(participant->kay->cp, &sak_ki);
+	ieee802_1x_cp_set_distributedan(participant->kay->cp, body->dan);
+	ieee802_1x_cp_signal_newsak(participant->kay->cp);
+	ieee802_1x_cp_sm_step(participant->kay->cp);
+
+	participant->to_use_sak = TRUE;
+
+	os_free(unwrap_sak);
+	os_free(conf->key);
+	os_free(conf);
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_icv_body_present
+ */
+static Boolean
+ieee802_1x_mka_icv_body_present(struct ieee802_1x_mka_participant *participant)
+{
+	return TRUE;
+}
+
+
+/**
+ * ieee802_1x_kay_get_icv_length
+ */
+static int
+ieee802_1x_mka_get_icv_length(struct ieee802_1x_mka_participant *participant)
+{
+	int length;
+
+	length = sizeof(struct ieee802_1x_mka_icv_body);
+	length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
+
+	return (length + 0x3) & ~0x3;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_icv_body -
+ */
+static int
+ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
+			       struct wpabuf *buf)
+{
+	struct ieee802_1x_mka_icv_body *body;
+	unsigned int length;
+	u8 cmac[MAX_ICV_LEN];
+
+	length = ieee802_1x_mka_get_icv_length(participant);
+	if (length != DEFAULT_ICV_LEN)  {
+		body = wpabuf_put(buf, MKA_HDR_LEN);
+		body->type = MKA_ICV_INDICATOR;
+		set_mka_param_body_len(body, length - MKA_HDR_LEN);
+	}
+
+	if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
+		    participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
+		wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
+		return -1;
+	}
+
+	if (length != DEFAULT_ICV_LEN)  {
+		os_memcpy(wpabuf_put(buf, length - MKA_HDR_LEN), cmac,
+			  length - MKA_HDR_LEN);
+	} else {
+		os_memcpy(wpabuf_put(buf, length), cmac, length);
+	}
+
+	return 0;
+}
+
+/**
+ * ieee802_1x_mka_decode_icv_body -
+ */
+static u8 *
+ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
+			       const u8 *mka_msg, size_t msg_len)
+{
+	struct ieee802_1x_mka_hdr *hdr;
+	struct ieee802_1x_mka_icv_body *body;
+	size_t body_len;
+	size_t left_len;
+	int body_type;
+	const u8 *pos;
+
+	pos = mka_msg;
+	left_len = msg_len;
+	while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
+		hdr = (struct ieee802_1x_mka_hdr *) pos;
+		body_len = get_mka_param_body_len(hdr);
+		body_type = get_mka_param_body_type(hdr);
+
+		if (left_len < (body_len + MKA_HDR_LEN))
+			break;
+
+		if (body_type != MKA_ICV_INDICATOR) {
+			left_len -= MKA_HDR_LEN + body_len;
+			pos += MKA_HDR_LEN + body_len;
+			continue;
+		}
+
+		body = (struct ieee802_1x_mka_icv_body *)pos;
+		if (body_len
+			< mka_alg_tbl[participant->kay->mka_algindex].icv_len) {
+			return NULL;
+		}
+
+		return body->icv;
+	}
+
+	return (u8 *) (mka_msg + msg_len - DEFAULT_ICV_LEN);
+}
+
+
+/**
+ * ieee802_1x_mka_decode_dist_cak_body-
+ */
+static int
+ieee802_1x_mka_decode_dist_cak_body(
+	struct ieee802_1x_mka_participant *participant,
+	const u8 *mka_msg, size_t msg_len)
+{
+	struct ieee802_1x_mka_hdr *hdr;
+	size_t body_len;
+
+	hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
+	body_len = get_mka_param_body_len(hdr);
+	if (body_len < 28) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 28 or more octets",
+			   (int) body_len);
+		return -1;
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_kmd_body -
+ */
+static int
+ieee802_1x_mka_decode_kmd_body(
+	struct ieee802_1x_mka_participant *participant,
+	const u8 *mka_msg, size_t msg_len)
+{
+	struct ieee802_1x_mka_hdr *hdr;
+	size_t body_len;
+
+	hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
+	body_len = get_mka_param_body_len(hdr);
+	if (body_len < 5) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 5 or more octets",
+			   (int) body_len);
+		return -1;
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_announce_body -
+ */
+static int ieee802_1x_mka_decode_announce_body(
+	struct ieee802_1x_mka_participant *participant,
+	const u8 *mka_msg, size_t msg_len)
+{
+	return 0;
+}
+
+
+static struct mka_param_body_handler mak_body_handler[] = {
+	/* basic parameter set */
+	{
+		ieee802_1x_mka_encode_basic_body,
+		NULL,
+		ieee802_1x_mka_basic_body_length,
+		ieee802_1x_mka_basic_body_present
+	},
+
+	/* live peer list parameter set */
+	{
+		ieee802_1x_mka_encode_live_peer_body,
+		ieee802_1x_mka_decode_live_peer_body,
+		ieee802_1x_mka_get_live_peer_length,
+		ieee802_1x_mka_live_peer_body_present
+	},
+
+	/* potential peer list parameter set */
+	{
+		ieee802_1x_mka_encode_potential_peer_body,
+		ieee802_1x_mka_decode_potential_peer_body,
+		ieee802_1x_mka_get_potential_peer_length,
+		ieee802_1x_mka_potential_peer_body_present
+	},
+
+	/* sak use parameter set */
+	{
+		ieee802_1x_mka_encode_sak_use_body,
+		ieee802_1x_mka_decode_sak_use_body,
+		ieee802_1x_mka_get_sak_use_length,
+		ieee802_1x_mka_sak_use_body_present
+	},
+
+	/* distribute sak parameter set */
+	{
+		ieee802_1x_mka_encode_dist_sak_body,
+		ieee802_1x_mka_decode_dist_sak_body,
+		ieee802_1x_mka_get_dist_sak_length,
+		ieee802_1x_mka_dist_sak_body_present
+	},
+
+	/* distribute cak parameter set */
+	{
+		NULL,
+		ieee802_1x_mka_decode_dist_cak_body,
+		NULL,
+		NULL
+	},
+
+	/* kmd parameter set */
+	{
+		NULL,
+		ieee802_1x_mka_decode_kmd_body,
+		NULL,
+		NULL
+	},
+
+	/* announce parameter set */
+	{
+		NULL,
+		ieee802_1x_mka_decode_announce_body,
+		NULL,
+		NULL
+	},
+
+	/* icv parameter set */
+	{
+		ieee802_1x_mka_encode_icv_body,
+		NULL,
+		ieee802_1x_mka_get_icv_length,
+		ieee802_1x_mka_icv_body_present
+	},
+};
+
+
+/**
+ * ieee802_1x_kay_deinit_data_key -
+ */
+void ieee802_1x_kay_deinit_data_key(struct data_key *pkey)
+{
+	if (!pkey)
+		return;
+
+	pkey->user--;
+	if (pkey->user > 1)
+		return;
+
+	dl_list_del(&pkey->list);
+	os_free(pkey->key);
+	os_free(pkey);
+}
+
+
+/**
+ * ieee802_1x_kay_generate_new_sak -
+ */
+static int
+ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
+{
+	struct data_key *sa_key = NULL;
+	struct key_conf *conf;
+	struct ieee802_1x_kay_peer *peer;
+	struct ieee802_1x_kay *kay = participant->kay;
+	int ctx_len, ctx_offset;
+	u8 *context;
+
+	/* check condition for generating a fresh SAK:
+	 * must have one live peer
+	 * and MKA life time elapse since last distribution
+	 * or potential peer is empty
+	 */
+	if (dl_list_empty(&participant->live_peers)) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: Live peers list must not empty when generating fresh SAK");
+		return -1;
+	}
+
+	/* FIXME: A fresh SAK not generated until
+	 * the live peer list contains at least one peer and
+	 * MKA life time has elapsed since the prior SAK was first distributed,
+	 * or the Key server's potential peer is empty
+	 * but I can't understand the second item, so
+	 * here only check first item and ingore
+	 *   && (!dl_list_empty(&participant->potential_peers))) {
+	 */
+	if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: Life time have not elapsed since prior SAK distributed");
+		return -1;
+	}
+
+	conf = os_zalloc(sizeof(*conf));
+	if (!conf) {
+		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+		return -1;
+	}
+	conf->key_len = cipher_suite_tbl[kay->macsec_csindex].sak_len;
+
+	conf->key = os_zalloc(conf->key_len);
+	if (!conf->key) {
+		os_free(conf);
+		wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+		return -1;
+	}
+
+	ctx_len = conf->key_len + sizeof(kay->dist_kn);
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list)
+		ctx_len += sizeof(peer->mi);
+	ctx_len += sizeof(participant->mi);
+
+	context = os_zalloc(ctx_len);
+	if (!context) {
+		os_free(conf->key);
+		os_free(conf);
+		return -1;
+	}
+	ctx_offset = 0;
+	os_get_random(context + ctx_offset, conf->key_len);
+	ctx_offset += conf->key_len;
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		os_memcpy(context + ctx_offset, peer->mi, sizeof(peer->mi));
+		ctx_offset += sizeof(peer->mi);
+	}
+	os_memcpy(context + ctx_offset, participant->mi,
+		  sizeof(participant->mi));
+	ctx_offset += sizeof(participant->mi);
+	os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
+
+	if (conf->key_len == 16) {
+		ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
+						context, ctx_len, conf->key);
+	} else if (conf->key_len == 32) {
+		ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
+						context, ctx_len, conf->key);
+	} else {
+		wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
+		os_free(conf->key);
+		os_free(conf);
+		os_free(context);
+		return -1;
+	}
+	wpa_hexdump(MSG_DEBUG, "KaY: generated new SAK",
+		    conf->key, conf->key_len);
+
+	os_memcpy(conf->ki.mi, participant->mi, MI_LEN);
+	conf->ki.kn = participant->kay->dist_kn;
+	conf->an = participant->kay->dist_an;
+	conf->offset = kay->macsec_confidentiality;
+	conf->rx = TRUE;
+	conf->tx = TRUE;
+
+	sa_key = ieee802_1x_kay_init_data_key(conf);
+	if (!sa_key) {
+		os_free(conf->key);
+		os_free(conf);
+		os_free(context);
+		return -1;
+	}
+	participant->new_key = sa_key;
+
+	dl_list_add(&participant->sak_list, &sa_key->list);
+	ieee802_1x_cp_set_ciphersuite(participant->kay->cp,
+				      cipher_suite_tbl[kay->macsec_csindex].id);
+	ieee802_1x_cp_sm_step(kay->cp);
+	ieee802_1x_cp_set_offset(kay->cp, conf->offset);
+	ieee802_1x_cp_sm_step(kay->cp);
+	ieee802_1x_cp_set_distributedki(kay->cp, &conf->ki);
+	ieee802_1x_cp_set_distributedan(kay->cp, conf->an);
+	ieee802_1x_cp_signal_newsak(kay->cp);
+	ieee802_1x_cp_sm_step(kay->cp);
+
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list)
+		peer->sak_used = FALSE;
+
+	participant->kay->dist_kn++;
+	participant->kay->dist_an++;
+	if (participant->kay->dist_an > 3)
+		participant->kay->dist_an = 0;
+
+	participant->kay->dist_time = time(NULL);
+
+	os_free(conf->key);
+	os_free(conf);
+	os_free(context);
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_elect_key_server - elect the key server
+ * when to elect: whenever the live peers list changes
+ */
+static int
+ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
+{
+	struct ieee802_1x_kay_peer *peer;
+	struct ieee802_1x_kay_peer *key_server = NULL;
+	struct ieee802_1x_kay *kay = participant->kay;
+	Boolean i_is_key_server;
+	int i;
+
+	if (participant->is_obliged_key_server) {
+		participant->new_sak = TRUE;
+		participant->to_dist_sak = FALSE;
+		ieee802_1x_cp_set_electedself(kay->cp, TRUE);
+		return 0;
+	}
+
+	/* elect the key server among the peers */
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		if (!peer->is_key_server)
+			continue;
+
+		if (!key_server) {
+			key_server = peer;
+			continue;
+		}
+
+		if (peer->key_server_priority <
+		    key_server->key_server_priority) {
+			key_server = peer;
+		} else if (peer->key_server_priority ==
+			   key_server->key_server_priority) {
+			for (i = 0; i < 6; i++) {
+				if (peer->sci.addr[i] <
+				    key_server->sci.addr[i])
+					key_server = peer;
+			}
+		}
+	}
+
+	/* elect the key server between me and the above elected peer */
+	i_is_key_server = FALSE;
+	if (key_server && participant->can_be_key_server) {
+		if (kay->actor_priority
+			   < key_server->key_server_priority) {
+			i_is_key_server = TRUE;
+		} else if (kay->actor_priority
+					== key_server->key_server_priority) {
+			for (i = 0; i < 6; i++) {
+				if (kay->actor_sci.addr[i]
+					< key_server->sci.addr[i]) {
+					i_is_key_server = TRUE;
+				}
+			}
+		}
+	}
+
+	if (!key_server && !i_is_key_server) {
+		participant->principal = FALSE;
+		participant->is_key_server = FALSE;
+		participant->is_elected = FALSE;
+		return 0;
+	}
+
+	if (i_is_key_server) {
+		ieee802_1x_cp_set_electedself(kay->cp, TRUE);
+		if (os_memcmp(&kay->key_server_sci, &kay->actor_sci,
+			      sizeof(kay->key_server_sci))) {
+			ieee802_1x_cp_signal_chgdserver(kay->cp);
+			ieee802_1x_cp_sm_step(kay->cp);
+		}
+
+		participant->is_key_server = TRUE;
+		participant->principal = TRUE;
+		participant->new_sak = TRUE;
+		wpa_printf(MSG_DEBUG, "KaY: I is elected as key server");
+		participant->to_dist_sak = FALSE;
+		participant->is_elected = TRUE;
+
+		os_memcpy(&kay->key_server_sci, &kay->actor_sci,
+			  sizeof(kay->key_server_sci));
+		kay->key_server_priority = kay->actor_priority;
+	}
+
+	if (key_server) {
+		ieee802_1x_cp_set_electedself(kay->cp, FALSE);
+		if (os_memcmp(&kay->key_server_sci, &key_server->sci,
+			      sizeof(kay->key_server_sci))) {
+			ieee802_1x_cp_signal_chgdserver(kay->cp);
+			ieee802_1x_cp_sm_step(kay->cp);
+		}
+
+		participant->is_key_server = FALSE;
+		participant->principal = TRUE;
+		participant->is_elected = TRUE;
+
+		os_memcpy(&kay->key_server_sci, &key_server->sci,
+			  sizeof(kay->key_server_sci));
+		kay->key_server_priority = key_server->key_server_priority;
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_decide_macsec_use - the key server determinate
+ *		 how to use MACsec: whether use MACsec and its capability
+ * protectFrames will be advised if the key server and one of its live peers are
+ * MACsec capable and one of those request MACsec protection
+ */
+static int
+ieee802_1x_kay_decide_macsec_use(
+	struct ieee802_1x_mka_participant *participant)
+{
+	struct ieee802_1x_kay *kay = participant->kay;
+	struct ieee802_1x_kay_peer *peer;
+	enum macsec_cap less_capability;
+	Boolean has_peer;
+
+	if (!participant->is_key_server)
+		return -1;
+
+	/* key server self is MACsec-desired and requesting MACsec */
+	if (!kay->macsec_desired) {
+		participant->advised_desired = FALSE;
+		return -1;
+	}
+	if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
+		participant->advised_desired = FALSE;
+		return -1;
+	}
+	less_capability = kay->macsec_capable;
+
+	/* at least one of peers is MACsec-desired and requesting MACsec */
+	has_peer = FALSE;
+	dl_list_for_each(peer, &participant->live_peers,
+			 struct ieee802_1x_kay_peer, list) {
+		if (!peer->macsec_desired)
+			continue;
+
+		if (peer->macsec_capbility == MACSEC_CAP_NOT_IMPLEMENTED)
+			continue;
+
+		less_capability = (less_capability < peer->macsec_capbility) ?
+			less_capability : peer->macsec_capbility;
+		has_peer = TRUE;
+	}
+
+	if (has_peer) {
+		participant->advised_desired = TRUE;
+		participant->advised_capability = less_capability;
+		kay->authenticated = FALSE;
+		kay->secured = TRUE;
+		kay->failed = FALSE;
+		ieee802_1x_cp_connect_secure(kay->cp);
+		ieee802_1x_cp_sm_step(kay->cp);
+	} else {
+		participant->advised_desired = FALSE;
+		participant->advised_capability = MACSEC_CAP_NOT_IMPLEMENTED;
+		participant->to_use_sak = FALSE;
+		kay->authenticated = TRUE;
+		kay->secured = FALSE;
+		kay->failed = FALSE;
+		kay->ltx_kn = 0;
+		kay->ltx_an = 0;
+		kay->lrx_kn = 0;
+		kay->lrx_an = 0;
+		kay->otx_kn = 0;
+		kay->otx_an = 0;
+		kay->orx_kn = 0;
+		kay->orx_an = 0;
+		ieee802_1x_cp_connect_authenticated(kay->cp);
+		ieee802_1x_cp_sm_step(kay->cp);
+	}
+
+	return 0;
+}
+
+static const u8 pae_group_addr[ETH_ALEN] = {
+	0x01, 0x80, 0xc2, 0x00, 0x00, 0x03
+};
+
+
+/**
+ * ieee802_1x_kay_encode_mkpdu -
+ */
+static int
+ieee802_1x_kay_encode_mkpdu(struct ieee802_1x_mka_participant *participant,
+			    struct wpabuf *pbuf)
+{
+	unsigned int i;
+	struct ieee8023_hdr *ether_hdr;
+	struct ieee802_1x_hdr *eapol_hdr;
+
+	ether_hdr = wpabuf_put(pbuf, sizeof(*ether_hdr));
+	os_memcpy(ether_hdr->dest, pae_group_addr, sizeof(ether_hdr->dest));
+	os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
+		  sizeof(ether_hdr->dest));
+	ether_hdr->ethertype = host_to_be16(ETH_P_EAPOL);
+
+	eapol_hdr = wpabuf_put(pbuf, sizeof(*eapol_hdr));
+	eapol_hdr->version = EAPOL_VERSION;
+	eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA;
+	eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used);
+
+	for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
+		if (mak_body_handler[i].body_present &&
+		    mak_body_handler[i].body_present(participant)) {
+			if (mak_body_handler[i].body_tx(participant, pbuf))
+				return -1;
+		}
+	}
+
+	return 0;
+}
+
+/**
+ * ieee802_1x_participant_send_mkpdu -
+ */
+static int
+ieee802_1x_participant_send_mkpdu(
+	struct ieee802_1x_mka_participant *participant)
+{
+	struct wpabuf *buf;
+	struct ieee802_1x_kay *kay = participant->kay;
+	size_t length = 0;
+	unsigned int i;
+
+	wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
+	length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr);
+	for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
+		if (mak_body_handler[i].body_present &&
+		    mak_body_handler[i].body_present(participant))
+			length += mak_body_handler[i].body_length(participant);
+	}
+
+	buf = wpabuf_alloc(length);
+	if (!buf) {
+		wpa_printf(MSG_ERROR, "KaY: out of memory");
+		return -1;
+	}
+
+	if (ieee802_1x_kay_encode_mkpdu(participant, buf)) {
+		wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!");
+		return -1;
+	}
+
+	l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
+	wpabuf_free(buf);
+
+	kay->active = TRUE;
+	participant->active = TRUE;
+
+	return 0;
+}
+
+
+static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa);
+/**
+ * ieee802_1x_participant_timer -
+ */
+static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
+{
+	struct ieee802_1x_mka_participant *participant;
+	struct ieee802_1x_kay *kay;
+	struct ieee802_1x_kay_peer *peer, *pre_peer;
+	time_t now = time(NULL);
+	Boolean lp_changed;
+	struct receive_sc *rxsc, *pre_rxsc;
+	struct transmit_sa *txsa, *pre_txsa;
+
+	participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
+	kay = participant->kay;
+	if (participant->cak_life) {
+		if (now > participant->cak_life) {
+			kay->authenticated = FALSE;
+			kay->secured = FALSE;
+			kay->failed = TRUE;
+			ieee802_1x_kay_delete_mka(kay, &participant->ckn);
+			return;
+		}
+	}
+
+	/* should delete MKA instance if there are not live peers
+	 * when the MKA life elapsed since its creating */
+	if (participant->mka_life) {
+		if (dl_list_empty(&participant->live_peers)) {
+			if (now > participant->mka_life) {
+				kay->authenticated = FALSE;
+				kay->secured = FALSE;
+				kay->failed = TRUE;
+				ieee802_1x_kay_delete_mka(kay,
+							  &participant->ckn);
+				return;
+			}
+		} else {
+			participant->mka_life = 0;
+		}
+	}
+
+	lp_changed = FALSE;
+	dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
+			      struct ieee802_1x_kay_peer, list) {
+		if (now > peer->expire) {
+			wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
+			wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
+				    sizeof(peer->mi));
+			wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+			dl_list_for_each_safe(rxsc, pre_rxsc,
+					      &participant->rxsc_list,
+					      struct receive_sc, list) {
+				if (os_memcmp(&rxsc->sci, &peer->sci,
+					      sizeof(rxsc->sci)) == 0) {
+					secy_delete_receive_sc(kay, rxsc);
+					ieee802_1x_kay_deinit_receive_sc(
+						participant, rxsc);
+				}
+			}
+			dl_list_del(&peer->list);
+			os_free(peer);
+			lp_changed = TRUE;
+		}
+	}
+
+	if (lp_changed) {
+		if (dl_list_empty(&participant->live_peers)) {
+			participant->advised_desired = FALSE;
+			participant->advised_capability =
+				MACSEC_CAP_NOT_IMPLEMENTED;
+			participant->to_use_sak = FALSE;
+			kay->authenticated = TRUE;
+			kay->secured = FALSE;
+			kay->failed = FALSE;
+			kay->ltx_kn = 0;
+			kay->ltx_an = 0;
+			kay->lrx_kn = 0;
+			kay->lrx_an = 0;
+			kay->otx_kn = 0;
+			kay->otx_an = 0;
+			kay->orx_kn = 0;
+			kay->orx_an = 0;
+			dl_list_for_each_safe(txsa, pre_txsa,
+					      &participant->txsc->sa_list,
+					      struct transmit_sa, list) {
+				secy_disable_transmit_sa(kay, txsa);
+				ieee802_1x_kay_deinit_transmit_sa(txsa);
+			}
+
+			ieee802_1x_cp_connect_authenticated(kay->cp);
+			ieee802_1x_cp_sm_step(kay->cp);
+		} else {
+			ieee802_1x_kay_elect_key_server(participant);
+			ieee802_1x_kay_decide_macsec_use(participant);
+		}
+	}
+
+	dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers,
+			      struct ieee802_1x_kay_peer, list) {
+		if (now > peer->expire) {
+			wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
+			wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
+				    sizeof(peer->mi));
+			wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+			dl_list_del(&peer->list);
+			os_free(peer);
+		}
+	}
+
+	if (participant->new_sak) {
+		if (!ieee802_1x_kay_generate_new_sak(participant))
+			participant->to_dist_sak = TRUE;
+
+		participant->new_sak = FALSE;
+	}
+
+	if (participant->retry_count < MAX_RETRY_CNT) {
+		ieee802_1x_participant_send_mkpdu(participant);
+		participant->retry_count++;
+	}
+
+	eloop_register_timeout(MKA_HELLO_TIME / 1000, 0,
+			       ieee802_1x_participant_timer,
+			       participant, NULL);
+}
+
+
+/**
+ * ieee802_1x_kay_init_transmit_sa -
+ */
+static struct transmit_sa *
+ieee802_1x_kay_init_transmit_sa(struct transmit_sc *psc, u8 an, u32 next_PN,
+				struct data_key *key)
+{
+	struct transmit_sa *psa;
+
+	key->tx_latest = TRUE;
+	key->rx_latest = TRUE;
+
+	psa = os_zalloc(sizeof(*psa));
+	if (!psa) {
+		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+		return NULL;
+	}
+
+	if (key->confidentiality_offset >= CONFIDENTIALITY_OFFSET_0 &&
+	    key->confidentiality_offset <= CONFIDENTIALITY_OFFSET_50)
+		psa->confidentiality = TRUE;
+	else
+		psa->confidentiality = FALSE;
+
+	psa->an = an;
+	psa->pkey = key;
+	psa->next_pn = next_PN;
+	psa->sc = psc;
+
+	os_get_time(&psa->created_time);
+	psa->in_use = FALSE;
+
+	dl_list_add(&psc->sa_list, &psa->list);
+	wpa_printf(MSG_DEBUG,
+		   "KaY: Create transmit SA(an: %d, next_PN: %u) of SC(channel: %d)",
+		   (int) an, next_PN, psc->channel);
+
+	return psa;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit_transmit_sa -
+ */
+static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa)
+{
+	psa->pkey = NULL;
+	wpa_printf(MSG_DEBUG,
+		   "KaY: Delete transmit SA(an: %d) of SC(channel: %d)",
+		   psa->an, psa->sc->channel);
+	dl_list_del(&psa->list);
+	os_free(psa);
+}
+
+
+/**
+ * init_transmit_sc -
+ */
+static struct transmit_sc *
+ieee802_1x_kay_init_transmit_sc(const struct ieee802_1x_mka_sci *sci,
+				int channel)
+{
+	struct transmit_sc *psc;
+
+	psc = os_zalloc(sizeof(*psc));
+	if (!psc) {
+		wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+		return NULL;
+	}
+	os_memcpy(&psc->sci, sci, sizeof(psc->sci));
+	psc->channel = channel;
+
+	os_get_time(&psc->created_time);
+	psc->transmitting = FALSE;
+	psc->encoding_sa = FALSE;
+	psc->enciphering_sa = FALSE;
+
+	dl_list_init(&psc->sa_list);
+	wpa_printf(MSG_DEBUG, "KaY: Create transmit SC(channel: %d)", channel);
+	wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)sci , sizeof(*sci));
+
+	return psc;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit_transmit_sc -
+ */
+static void
+ieee802_1x_kay_deinit_transmit_sc(
+	struct ieee802_1x_mka_participant *participant, struct transmit_sc *psc)
+{
+	struct transmit_sa *psa, *tmp;
+
+	wpa_printf(MSG_DEBUG, "KaY: Delete transmit SC(channel: %d)",
+		   psc->channel);
+	dl_list_for_each_safe(psa, tmp, &psc->sa_list, struct transmit_sa,
+			      list) {
+		secy_disable_transmit_sa(participant->kay, psa);
+		ieee802_1x_kay_deinit_transmit_sa(psa);
+	}
+
+	os_free(psc);
+}
+
+
+/****************** Interface between CP and KAY *********************/
+/**
+ * ieee802_1x_kay_set_latest_sa_attr -
+ */
+int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
+				      struct ieee802_1x_mka_ki *lki, u8 lan,
+				      Boolean ltx, Boolean lrx)
+{
+	struct ieee802_1x_mka_participant *principal;
+
+	principal = ieee802_1x_kay_get_principal_participant(kay);
+	if (!principal)
+		return -1;
+
+	if (!lki)
+		os_memset(&principal->lki, 0, sizeof(principal->lki));
+	else
+		os_memcpy(&principal->lki, lki, sizeof(principal->lki));
+
+	principal->lan = lan;
+	principal->ltx = ltx;
+	principal->lrx = lrx;
+	if (!lki) {
+		kay->ltx_kn = 0;
+		kay->lrx_kn = 0;
+	} else {
+		kay->ltx_kn = lki->kn;
+		kay->lrx_kn = lki->kn;
+	}
+	kay->ltx_an = lan;
+	kay->lrx_an = lan;
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_set_old_sa_attr -
+ */
+int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
+				   struct ieee802_1x_mka_ki *oki,
+				   u8 oan, Boolean otx, Boolean orx)
+{
+	struct ieee802_1x_mka_participant *principal;
+
+	principal = ieee802_1x_kay_get_principal_participant(kay);
+	if (!principal)
+		return -1;
+
+	if (!oki)
+		os_memset(&principal->oki, 0, sizeof(principal->oki));
+	else
+		os_memcpy(&principal->oki, oki, sizeof(principal->oki));
+
+	principal->oan = oan;
+	principal->otx = otx;
+	principal->orx = orx;
+
+	if (!oki) {
+		kay->otx_kn = 0;
+		kay->orx_kn = 0;
+	} else {
+		kay->otx_kn = oki->kn;
+		kay->orx_kn = oki->kn;
+	}
+	kay->otx_an = oan;
+	kay->orx_an = oan;
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_create_sas -
+ */
+int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
+			      struct ieee802_1x_mka_ki *lki)
+{
+	struct data_key *sa_key, *latest_sak;
+	struct ieee802_1x_mka_participant *principal;
+	struct receive_sc *rxsc;
+	struct receive_sa *rxsa;
+	struct transmit_sa *txsa;
+
+	principal = ieee802_1x_kay_get_principal_participant(kay);
+	if (!principal)
+		return -1;
+
+	latest_sak = NULL;
+	dl_list_for_each(sa_key, &principal->sak_list, struct data_key, list) {
+		if (is_ki_equal(&sa_key->key_identifier, lki)) {
+			sa_key->rx_latest = TRUE;
+			sa_key->tx_latest = TRUE;
+			latest_sak = sa_key;
+			principal->to_use_sak = TRUE;
+		} else {
+			sa_key->rx_latest = FALSE;
+			sa_key->tx_latest = FALSE;
+		}
+	}
+	if (!latest_sak) {
+		wpa_printf(MSG_ERROR, "lki related sak not found");
+		return -1;
+	}
+
+	dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+		rxsa = ieee802_1x_kay_init_receive_sa(rxsc, latest_sak->an, 1,
+						      latest_sak);
+		if (!rxsa)
+			return -1;
+
+		secy_create_receive_sa(kay, rxsa);
+	}
+
+	txsa = ieee802_1x_kay_init_transmit_sa(principal->txsc, latest_sak->an,
+					       1, latest_sak);
+	if (!txsa)
+		return -1;
+
+	secy_create_transmit_sa(kay, txsa);
+
+
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_delete_sas -
+ */
+int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
+			      struct ieee802_1x_mka_ki *ki)
+{
+	struct data_key *sa_key, *pre_key;
+	struct transmit_sa *txsa, *pre_txsa;
+	struct receive_sa *rxsa, *pre_rxsa;
+	struct receive_sc *rxsc;
+	struct ieee802_1x_mka_participant *principal;
+
+	wpa_printf(MSG_DEBUG, "KaY: Entry into %s", __func__);
+	principal = ieee802_1x_kay_get_principal_participant(kay);
+	if (!principal)
+		return -1;
+
+	/* remove the transmit sa */
+	dl_list_for_each_safe(txsa, pre_txsa, &principal->txsc->sa_list,
+			      struct transmit_sa, list) {
+		if (is_ki_equal(&txsa->pkey->key_identifier, ki)) {
+			secy_disable_transmit_sa(kay, txsa);
+			ieee802_1x_kay_deinit_transmit_sa(txsa);
+		}
+	}
+
+	/* remove the receive sa */
+	dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+		dl_list_for_each_safe(rxsa, pre_rxsa, &rxsc->sa_list,
+				      struct receive_sa, list) {
+			if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
+				secy_disable_receive_sa(kay, rxsa);
+				ieee802_1x_kay_deinit_receive_sa(rxsa);
+			}
+		}
+	}
+
+	/* remove the sak */
+	dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list,
+			      struct data_key, list) {
+		if (is_ki_equal(&sa_key->key_identifier, ki)) {
+			ieee802_1x_kay_deinit_data_key(sa_key);
+			break;
+		}
+		if (principal->new_key == sa_key)
+			principal->new_key = NULL;
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_enable_tx_sas -
+ */
+int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
+				 struct ieee802_1x_mka_ki *lki)
+{
+	struct ieee802_1x_mka_participant *principal;
+	struct transmit_sa *txsa;
+
+	principal = ieee802_1x_kay_get_principal_participant(kay);
+	if (!principal)
+		return -1;
+
+	dl_list_for_each(txsa, &principal->txsc->sa_list, struct transmit_sa,
+			 list) {
+		if (is_ki_equal(&txsa->pkey->key_identifier, lki)) {
+			txsa->in_use = TRUE;
+			secy_enable_transmit_sa(kay, txsa);
+			ieee802_1x_cp_set_usingtransmitas(
+				principal->kay->cp, TRUE);
+			ieee802_1x_cp_sm_step(principal->kay->cp);
+		}
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_enable_rx_sas -
+ */
+int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
+				 struct ieee802_1x_mka_ki *lki)
+{
+	struct ieee802_1x_mka_participant *principal;
+	struct receive_sa *rxsa;
+	struct receive_sc *rxsc;
+
+	principal = ieee802_1x_kay_get_principal_participant(kay);
+	if (!principal)
+		return -1;
+
+	dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+		dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
+		{
+			if (is_ki_equal(&rxsa->pkey->key_identifier, lki)) {
+				rxsa->in_use = TRUE;
+				secy_enable_receive_sa(kay, rxsa);
+				ieee802_1x_cp_set_usingreceivesas(
+					principal->kay->cp, TRUE);
+				ieee802_1x_cp_sm_step(principal->kay->cp);
+			}
+		}
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_enable_new_info -
+ */
+int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
+{
+	struct ieee802_1x_mka_participant *principal;
+
+	principal = ieee802_1x_kay_get_principal_participant(kay);
+	if (!principal)
+		return -1;
+
+	if (principal->retry_count < MAX_RETRY_CNT) {
+		ieee802_1x_participant_send_mkpdu(principal);
+		principal->retry_count++;
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_cp_conf -
+ */
+int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
+			   struct ieee802_1x_cp_conf *pconf)
+{
+	pconf->protect = kay->macsec_protect;
+	pconf->replay_protect = kay->macsec_replay_protect;
+	pconf->validate = kay->macsec_validate;
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_alloc_cp_sm -
+ */
+static struct ieee802_1x_cp_sm *
+ieee802_1x_kay_alloc_cp_sm(struct ieee802_1x_kay *kay)
+{
+	struct ieee802_1x_cp_conf conf;
+
+	os_memset(&conf, 0, sizeof(conf));
+	conf.protect = kay->macsec_protect;
+	conf.replay_protect = kay->macsec_replay_protect;
+	conf.validate = kay->macsec_validate;
+	conf.replay_window = kay->macsec_replay_window;
+
+	return ieee802_1x_cp_sm_init(kay, &conf);
+}
+
+
+/**
+ * ieee802_1x_kay_mkpdu_sanity_check -
+ *     sanity check specified in clause 11.11.2 of IEEE802.1X-2010
+ */
+static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
+					     const u8 *buf, size_t len)
+{
+	struct ieee8023_hdr *eth_hdr;
+	struct ieee802_1x_hdr *eapol_hdr;
+	struct ieee802_1x_mka_hdr *mka_hdr;
+	struct ieee802_1x_mka_basic_body *body;
+	size_t mka_msg_len;
+	struct ieee802_1x_mka_participant *participant;
+	size_t body_len;
+	u8 icv[MAX_ICV_LEN];
+	u8 *msg_icv;
+
+	eth_hdr = (struct ieee8023_hdr *) buf;
+	eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
+	mka_hdr = (struct ieee802_1x_mka_hdr *) (eapol_hdr + 1);
+
+	/* destination address should be not individual address */
+	if (os_memcmp(eth_hdr->dest, pae_group_addr, ETH_ALEN) != 0) {
+		wpa_printf(MSG_MSGDUMP,
+			   "KaY: ethernet destination address is not PAE group address");
+		return -1;
+	}
+
+	/* MKPDU should not less than 32 octets */
+	mka_msg_len = be_to_host16(eapol_hdr->length);
+	if (mka_msg_len < 32) {
+		wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets");
+		return -1;
+	}
+	/* MKPDU should multiple 4 octets */
+	if ((mka_msg_len % 4) != 0) {
+		wpa_printf(MSG_MSGDUMP,
+			   "KaY: MKPDU is not multiple of 4 octets");
+		return -1;
+	}
+
+	body = (struct ieee802_1x_mka_basic_body *) mka_hdr;
+	ieee802_1x_mka_dump_basic_body(body);
+	body_len = get_mka_param_body_len(body);
+	/* EAPOL-MKA body should comprise basic parameter set and ICV */
+	if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: Received EAPOL-MKA Packet Body Length (%d bytes) is less than the Basic Parameter Set Header Length (%d bytes) + the Basic Parameter Set Body Length (%d bytes) + %d bytes of ICV",
+			   (int) mka_msg_len, (int) MKA_HDR_LEN,
+			   (int) body_len, DEFAULT_ICV_LEN);
+		return -1;
+	}
+
+	/* CKN should be owned by I */
+	participant = ieee802_1x_kay_get_participant(kay, body->ckn);
+	if (!participant) {
+		wpa_printf(MSG_DEBUG, "CKN is not included in my CA");
+		return -1;
+	}
+
+	/* algorithm agility check */
+	if (os_memcmp(body->algo_agility, mka_algo_agility,
+		      sizeof(body->algo_agility)) != 0) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: peer's algorithm agility not supported for me");
+		return -1;
+	}
+
+	/* ICV check */
+	/*
+	 * The ICV will comprise the final octets of the packet body, whatever
+	 * its size, not the fixed length 16 octets, indicated by the EAPOL
+	 * packet body length.
+	 */
+	if (mka_alg_tbl[kay->mka_algindex].icv_hash(
+		    participant->ick.key,
+		    buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
+		wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
+		return -1;
+	}
+	msg_icv = ieee802_1x_mka_decode_icv_body(participant, (u8 *) mka_hdr,
+						 mka_msg_len);
+
+	if (msg_icv) {
+		if (os_memcmp(msg_icv, icv,
+			      mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
+			wpa_printf(MSG_ERROR,
+				   "KaY: Computed ICV is not equal to Received ICV");
+		return -1;
+		}
+	} else {
+		wpa_printf(MSG_ERROR, "KaY: No ICV");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_decode_mkpdu -
+ */
+static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
+				       const u8 *buf, size_t len)
+{
+	struct ieee802_1x_mka_participant *participant;
+	struct ieee802_1x_mka_hdr *hdr;
+	size_t body_len;
+	size_t left_len;
+	int body_type;
+	int i;
+	const u8 *pos;
+	Boolean my_included;
+	Boolean handled[256];
+
+	if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
+		return -1;
+
+	/* handle basic parameter set */
+	pos = buf + sizeof(struct ieee8023_hdr) + sizeof(struct ieee802_1x_hdr);
+	left_len = len - sizeof(struct ieee8023_hdr) -
+		sizeof(struct ieee802_1x_hdr);
+	participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len);
+	if (!participant)
+		return -1;
+
+	/* to skip basic parameter set */
+	hdr = (struct ieee802_1x_mka_hdr *) pos;
+	body_len = get_mka_param_body_len(hdr);
+	pos += body_len + MKA_HDR_LEN;
+	left_len -= body_len + MKA_HDR_LEN;
+
+	/* check i am in the peer's peer list */
+	my_included = ieee802_1x_mka_i_in_peerlist(participant, pos, left_len);
+	if (my_included) {
+		/* accept the peer as live peer */
+		if (!ieee802_1x_kay_is_in_peer(
+			    participant,
+			    participant->current_peer_id.mi)) {
+			if (!ieee802_1x_kay_create_live_peer(
+				    participant,
+				    participant->current_peer_id.mi,
+				    participant->current_peer_id.mn))
+				return -1;
+			ieee802_1x_kay_elect_key_server(participant);
+			ieee802_1x_kay_decide_macsec_use(participant);
+		}
+		if (ieee802_1x_kay_is_in_potential_peer(
+			    participant, participant->current_peer_id.mi)) {
+			ieee802_1x_kay_move_live_peer(
+				participant, participant->current_peer_id.mi,
+				participant->current_peer_id.mn);
+			ieee802_1x_kay_elect_key_server(participant);
+			ieee802_1x_kay_decide_macsec_use(participant);
+		}
+	}
+
+	/*
+	 * Handle other parameter set than basic parameter set.
+	 * Each parameter set should be present only once.
+	 */
+	for (i = 0; i < 256; i++)
+		handled[i] = FALSE;
+
+	handled[0] = TRUE;
+	while (left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN) {
+		hdr = (struct ieee802_1x_mka_hdr *) pos;
+		body_len = get_mka_param_body_len(hdr);
+		body_type = get_mka_param_body_type(hdr);
+
+		if (body_type == MKA_ICV_INDICATOR)
+			return 0;
+
+		if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
+			wpa_printf(MSG_ERROR,
+				   "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
+				   (int) left_len, (int) MKA_HDR_LEN,
+				   (int) body_len, DEFAULT_ICV_LEN);
+			goto next_para_set;
+		}
+
+		if (handled[body_type])
+			goto next_para_set;
+
+		handled[body_type] = TRUE;
+		if (mak_body_handler[body_type].body_rx) {
+			mak_body_handler[body_type].body_rx
+				(participant, pos, left_len);
+		} else {
+			wpa_printf(MSG_ERROR,
+				   "The type %d not supported in this MKA version %d",
+				   body_type, MKA_VERSION_ID);
+		}
+
+next_para_set:
+		pos += body_len + MKA_HDR_LEN;
+		left_len -= body_len + MKA_HDR_LEN;
+	}
+
+	kay->active = TRUE;
+	participant->retry_count = 0;
+	participant->active = TRUE;
+
+	return 0;
+}
+
+
+
+static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
+			   size_t len)
+{
+	struct ieee802_1x_kay *kay = ctx;
+	struct ieee8023_hdr *eth_hdr;
+	struct ieee802_1x_hdr *eapol_hdr;
+
+	/* must contain at least ieee8023_hdr + ieee802_1x_hdr */
+	if (len < sizeof(*eth_hdr) + sizeof(*eapol_hdr)) {
+		wpa_printf(MSG_MSGDUMP, "KaY: EAPOL frame too short (%lu)",
+			   (unsigned long) len);
+		return;
+	}
+
+	eth_hdr = (struct ieee8023_hdr *) buf;
+	eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
+	if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
+	    ntohs(eapol_hdr->length)) {
+		wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
+			   (unsigned long) len,
+			   (unsigned long) ntohs(eapol_hdr->length));
+		return;
+	}
+
+	if (eapol_hdr->version < EAPOL_VERSION) {
+		wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA",
+			   eapol_hdr->version);
+		return;
+	}
+	if (ntohs(eth_hdr->ethertype) != ETH_P_PAE ||
+	    eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
+		return;
+
+	wpa_hexdump(MSG_DEBUG, "RX EAPOL-MKA: ", buf, len);
+	if (dl_list_empty(&kay->participant_list)) {
+		wpa_printf(MSG_ERROR, "KaY: no MKA participant instance");
+		return;
+	}
+
+	ieee802_1x_kay_decode_mkpdu(kay, buf, len);
+}
+
+
+/**
+ * ieee802_1x_kay_init -
+ */
+struct ieee802_1x_kay *
+ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
+		    const char *ifname, const u8 *addr)
+{
+	struct ieee802_1x_kay *kay;
+
+	kay = os_zalloc(sizeof(*kay));
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
+		return NULL;
+	}
+
+	kay->ctx = ctx;
+
+	kay->enable = TRUE;
+	kay->active = FALSE;
+
+	kay->authenticated = FALSE;
+	kay->secured = FALSE;
+	kay->failed = FALSE;
+	kay->policy = policy;
+
+	os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
+	os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
+	kay->actor_sci.port = 0x0001;
+	kay->actor_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
+
+	/* While actor acts as a key server, shall distribute sakey */
+	kay->dist_kn = 1;
+	kay->dist_an = 0;
+	kay->dist_time = 0;
+
+	kay->pn_exhaustion = PENDING_PN_EXHAUSTION;
+	kay->macsec_csindex = DEFAULT_CS_INDEX;
+	kay->mka_algindex = DEFAULT_MKA_ALG_INDEX;
+	kay->mka_version = MKA_VERSION_ID;
+
+	os_memcpy(kay->algo_agility, mka_algo_agility,
+		  sizeof(kay->algo_agility));
+
+	dl_list_init(&kay->participant_list);
+
+	if (policy == DO_NOT_SECURE) {
+		kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
+		kay->macsec_desired = FALSE;
+		kay->macsec_protect = FALSE;
+		kay->macsec_validate = FALSE;
+		kay->macsec_replay_protect = FALSE;
+		kay->macsec_replay_window = 0;
+		kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
+	} else {
+		kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
+		kay->macsec_desired = TRUE;
+		kay->macsec_protect = TRUE;
+		kay->macsec_validate = TRUE;
+		kay->macsec_replay_protect = FALSE;
+		kay->macsec_replay_window = 0;
+		kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
+	}
+
+	wpa_printf(MSG_DEBUG, "KaY: state machine created");
+
+	/* Initialize the SecY must be prio to CP, as CP will control SecY */
+	secy_init_macsec(kay);
+	secy_get_available_transmit_sc(kay, &kay->sc_ch);
+
+	wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");
+
+	/* init CP */
+	kay->cp = ieee802_1x_kay_alloc_cp_sm(kay);
+	if (kay->cp == NULL) {
+		ieee802_1x_kay_deinit(kay);
+		return NULL;
+	}
+
+	if (policy == DO_NOT_SECURE) {
+		ieee802_1x_cp_connect_authenticated(kay->cp);
+		ieee802_1x_cp_sm_step(kay->cp);
+	} else {
+		kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE,
+					     kay_l2_receive, kay, 1);
+		if (kay->l2_mka == NULL) {
+			wpa_printf(MSG_WARNING,
+				   "KaY: Failed to initialize L2 packet processing for MKA packet");
+			ieee802_1x_kay_deinit(kay);
+			return NULL;
+		}
+	}
+
+	return kay;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit -
+ */
+void
+ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay)
+{
+	struct ieee802_1x_mka_participant *participant;
+
+	if (!kay)
+		return;
+
+	wpa_printf(MSG_DEBUG, "KaY: state machine removed");
+
+	while (!dl_list_empty(&kay->participant_list)) {
+		participant = dl_list_entry(kay->participant_list.next,
+					    struct ieee802_1x_mka_participant,
+					    list);
+		ieee802_1x_kay_delete_mka(kay, &participant->ckn);
+	}
+
+	ieee802_1x_cp_sm_deinit(kay->cp);
+	secy_deinit_macsec(kay);
+
+	if (kay->l2_mka) {
+		l2_packet_deinit(kay->l2_mka);
+		kay->l2_mka = NULL;
+	}
+
+	os_free(kay->ctx);
+	os_free(kay);
+}
+
+
+/**
+ * ieee802_1x_kay_create_mka -
+ */
+struct ieee802_1x_mka_participant *
+ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
+			  struct mka_key *cak, u32 life,
+			  enum mka_created_mode mode, Boolean is_authenticator)
+{
+	struct ieee802_1x_mka_participant *participant;
+	unsigned int usecs;
+
+	if (!kay || !ckn || !cak) {
+		wpa_printf(MSG_ERROR, "KaY: ckn or cak is null");
+		return NULL;
+	}
+
+	if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
+		wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
+		return NULL;
+	}
+	if (ckn->len > MAX_CKN_LEN) {
+		wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)");
+		return NULL;
+	}
+	if (!kay->enable) {
+		wpa_printf(MSG_ERROR, "KaY: Now is at disable state");
+		return NULL;
+	}
+
+	participant = os_zalloc(sizeof(*participant));
+	if (!participant) {
+		wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
+		return NULL;
+	}
+
+	participant->ckn.len = ckn->len;
+	os_memcpy(participant->ckn.name, ckn->name, ckn->len);
+	participant->cak.len = cak->len;
+	os_memcpy(participant->cak.key, cak->key, cak->len);
+	if (life)
+		participant->cak_life = life + time(NULL);
+
+	switch (mode) {
+	case EAP_EXCHANGE:
+		if (is_authenticator) {
+			participant->is_obliged_key_server = TRUE;
+			participant->can_be_key_server = TRUE;
+			participant->is_key_server = TRUE;
+			participant->principal = TRUE;
+
+			os_memcpy(&kay->key_server_sci, &kay->actor_sci,
+				  sizeof(kay->key_server_sci));
+			kay->key_server_priority = kay->actor_priority;
+			participant->is_elected = TRUE;
+		} else {
+			participant->is_obliged_key_server = FALSE;
+			participant->can_be_key_server = FALSE;
+			participant->is_key_server = FALSE;
+			participant->is_elected = TRUE;
+		}
+		break;
+
+	default:
+		participant->is_obliged_key_server = FALSE;
+		participant->can_be_key_server = TRUE;
+		participant->is_key_server = FALSE;
+		participant->is_elected = FALSE;
+		break;
+	}
+
+	participant->cached = FALSE;
+
+	participant->active = FALSE;
+	participant->participant = FALSE;
+	participant->retain = FALSE;
+	participant->activate = DEFAULT;
+
+	if (participant->is_key_server)
+		participant->principal = TRUE;
+
+	dl_list_init(&participant->live_peers);
+	dl_list_init(&participant->potential_peers);
+
+	participant->retry_count = 0;
+	participant->kay = kay;
+
+	os_get_random(participant->mi, sizeof(participant->mi));
+	participant->mn = 0;
+
+	participant->lrx = FALSE;
+	participant->ltx = FALSE;
+	participant->orx = FALSE;
+	participant->otx = FALSE;
+	participant->to_dist_sak = FALSE;
+	participant->to_use_sak = FALSE;
+	participant->new_sak = FALSE;
+	dl_list_init(&participant->sak_list);
+	participant->new_key = NULL;
+	dl_list_init(&participant->rxsc_list);
+	participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci,
+							    kay->sc_ch);
+	secy_create_transmit_sc(kay, participant->txsc);
+
+	/* to derive KEK from CAK and CKN */
+	participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
+	if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
+						    participant->ckn.name,
+						    participant->ckn.len,
+						    participant->kek.key)) {
+		wpa_printf(MSG_ERROR, "KaY: Derived KEK failed");
+		goto fail;
+	}
+	wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK",
+			participant->kek.key, participant->kek.len);
+
+	/* to derive ICK from CAK and CKN */
+	participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
+	if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
+						    participant->ckn.name,
+						    participant->ckn.len,
+						    participant->ick.key)) {
+		wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
+		goto fail;
+	}
+	wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK",
+			participant->ick.key, participant->ick.len);
+
+	dl_list_add(&kay->participant_list, &participant->list);
+	wpa_hexdump(MSG_DEBUG, "KaY: Participant created:",
+		    ckn->name, ckn->len);
+
+	usecs = os_random() % (MKA_HELLO_TIME * 1000);
+	eloop_register_timeout(0, usecs, ieee802_1x_participant_timer,
+			       participant, NULL);
+	participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
+		usecs / 1000000;
+
+	return participant;
+
+fail:
+	os_free(participant);
+	return NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_delete_mka -
+ */
+void
+ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
+{
+	struct ieee802_1x_mka_participant *participant;
+	struct ieee802_1x_kay_peer *peer;
+	struct data_key *sak;
+	struct receive_sc *rxsc;
+
+	if (!kay || !ckn)
+		return;
+
+	wpa_printf(MSG_DEBUG, "KaY: participant removed");
+
+	/* get the participant */
+	participant = ieee802_1x_kay_get_participant(kay, ckn->name);
+	if (!participant) {
+		wpa_hexdump(MSG_DEBUG, "KaY: participant is not found",
+			    ckn->name, ckn->len);
+		return;
+	}
+
+	dl_list_del(&participant->list);
+
+	/* remove live peer */
+	while (!dl_list_empty(&participant->live_peers)) {
+		peer = dl_list_entry(participant->live_peers.next,
+				     struct ieee802_1x_kay_peer, list);
+		dl_list_del(&peer->list);
+		os_free(peer);
+	}
+
+	/* remove potential peer */
+	while (!dl_list_empty(&participant->potential_peers)) {
+		peer = dl_list_entry(participant->potential_peers.next,
+				     struct ieee802_1x_kay_peer, list);
+		dl_list_del(&peer->list);
+		os_free(peer);
+	}
+
+	/* remove sak */
+	while (!dl_list_empty(&participant->sak_list)) {
+		sak = dl_list_entry(participant->sak_list.next,
+				    struct data_key, list);
+		dl_list_del(&sak->list);
+		os_free(sak->key);
+		os_free(sak);
+	}
+	while (!dl_list_empty(&participant->rxsc_list)) {
+		rxsc = dl_list_entry(participant->rxsc_list.next,
+				     struct receive_sc, list);
+		secy_delete_receive_sc(kay, rxsc);
+		ieee802_1x_kay_deinit_receive_sc(participant, rxsc);
+	}
+	secy_delete_transmit_sc(kay, participant->txsc);
+	ieee802_1x_kay_deinit_transmit_sc(participant, participant->txsc);
+
+	os_memset(&participant->cak, 0, sizeof(participant->cak));
+	os_memset(&participant->kek, 0, sizeof(participant->kek));
+	os_memset(&participant->ick, 0, sizeof(participant->ick));
+	os_free(participant);
+}
+
+
+/**
+ * ieee802_1x_kay_mka_participate -
+ */
+void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
+				    struct mka_key_name *ckn,
+				    Boolean status)
+{
+	struct ieee802_1x_mka_participant *participant;
+
+	if (!kay || !ckn)
+		return;
+
+	participant = ieee802_1x_kay_get_participant(kay, ckn->name);
+	if (!participant)
+		return;
+
+	participant->active = status;
+}
+
+
+/**
+ * ieee802_1x_kay_new_sak -
+ */
+int
+ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay)
+{
+	struct ieee802_1x_mka_participant *participant;
+
+	if (!kay)
+		return -1;
+
+	participant = ieee802_1x_kay_get_principal_participant(kay);
+	if (!participant)
+		return -1;
+
+	participant->new_sak = TRUE;
+	wpa_printf(MSG_DEBUG, "KaY: new SAK signal");
+
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_change_cipher_suite -
+ */
+int
+ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay, int cs_index)
+{
+	struct ieee802_1x_mka_participant *participant;
+
+	if (!kay)
+		return -1;
+
+	if ((unsigned int) cs_index >= CS_TABLE_SIZE) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: Configured cipher suite index is out of range");
+		return -1;
+	}
+	if (kay->macsec_csindex == cs_index)
+		return -2;
+
+	if (cs_index == 0)
+		kay->macsec_desired = FALSE;
+
+	kay->macsec_csindex = cs_index;
+	kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable;
+
+	participant = ieee802_1x_kay_get_principal_participant(kay);
+	if (participant) {
+		wpa_printf(MSG_INFO, "KaY: Cipher Suite changed");
+		participant->new_sak = TRUE;
+	}
+
+	return 0;
+}

src/pae/ieee802_1x_kay.h

@@ -0,0 +1,194 @@
+/*
+ * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_KAY_H
+#define IEEE802_1X_KAY_H
+
+#include "utils/list.h"
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+
+struct macsec_init_params;
+struct ieee802_1x_cp_conf;
+
+#define MI_LEN			12
+#define MAX_KEY_LEN		32  /* 32 bytes, 256 bits */
+#define MAX_CKN_LEN		32  /* 32 bytes, 256 bits */
+
+/* MKA timer, unit: millisecond */
+#define MKA_HELLO_TIME		2000
+#define MKA_LIFE_TIME		6000
+#define MKA_SAK_RETIRE_TIME	3000
+
+struct ieee802_1x_mka_ki {
+	u8 mi[MI_LEN];
+	u32 kn;
+};
+
+struct ieee802_1x_mka_sci {
+	u8 addr[ETH_ALEN];
+	u16 port;
+};
+
+struct mka_key {
+	u8 key[MAX_KEY_LEN];
+	size_t len;
+};
+
+struct mka_key_name {
+	u8 name[MAX_CKN_LEN];
+	size_t len;
+};
+
+enum mka_created_mode {
+	PSK,
+	EAP_EXCHANGE,
+	DISTRIBUTED,
+	CACHED,
+};
+
+struct ieee802_1x_kay_ctx {
+	/* pointer to arbitrary upper level context */
+	void *ctx;
+
+	/* abstract wpa driver interface */
+	int (*macsec_init)(void *ctx, struct macsec_init_params *params);
+	int (*macsec_deinit)(void *ctx);
+	int (*enable_protect_frames)(void *ctx, Boolean enabled);
+	int (*set_replay_protect)(void *ctx, Boolean enabled, u32 window);
+	int (*set_current_cipher_suite)(void *ctx, const u8 *cs, size_t cs_len);
+	int (*enable_controlled_port)(void *ctx, Boolean enabled);
+	int (*get_receive_lowest_pn)(void *ctx, u32 channel, u8 an,
+				     u32 *lowest_pn);
+	int (*get_transmit_next_pn)(void *ctx, u32 channel, u8 an,
+				    u32 *next_pn);
+	int (*set_transmit_next_pn)(void *ctx, u32 channel, u8 an, u32 next_pn);
+	int (*get_available_receive_sc)(void *ctx, u32 *channel);
+	int (*create_receive_sc)(void *ctx, u32 channel,
+				 struct ieee802_1x_mka_sci *sci,
+				 enum validate_frames vf,
+				 enum confidentiality_offset co);
+	int (*delete_receive_sc)(void *ctx, u32 channel);
+	int (*create_receive_sa)(void *ctx, u32 channel, u8 an, u32 lowest_pn,
+				 const u8 *sak);
+	int (*enable_receive_sa)(void *ctx, u32 channel, u8 an);
+	int (*disable_receive_sa)(void *ctx, u32 channel, u8 an);
+	int (*get_available_transmit_sc)(void *ctx, u32 *channel);
+	int (*create_transmit_sc)(void *ctx, u32 channel,
+				  const struct ieee802_1x_mka_sci *sci,
+				  enum confidentiality_offset co);
+	int (*delete_transmit_sc)(void *ctx, u32 channel);
+	int (*create_transmit_sa)(void *ctx, u32 channel, u8 an, u32 next_pn,
+				  Boolean confidentiality, const u8 *sak);
+	int (*enable_transmit_sa)(void *ctx, u32 channel, u8 an);
+	int (*disable_transmit_sa)(void *ctx, u32 channel, u8 an);
+};
+
+struct ieee802_1x_kay {
+	Boolean enable;
+	Boolean active;
+
+	Boolean authenticated;
+	Boolean secured;
+	Boolean failed;
+
+	struct ieee802_1x_mka_sci actor_sci;
+	u8 actor_priority;
+	struct ieee802_1x_mka_sci key_server_sci;
+	u8 key_server_priority;
+
+	enum macsec_cap macsec_capable;
+	Boolean macsec_desired;
+	Boolean macsec_protect;
+	Boolean macsec_replay_protect;
+	u32 macsec_replay_window;
+	enum validate_frames macsec_validate;
+	enum confidentiality_offset macsec_confidentiality;
+
+	u32 ltx_kn;
+	u8 ltx_an;
+	u32 lrx_kn;
+	u8 lrx_an;
+
+	u32 otx_kn;
+	u8 otx_an;
+	u32 orx_kn;
+	u8 orx_an;
+
+	/* not defined in IEEE802.1X */
+	struct ieee802_1x_kay_ctx *ctx;
+	Boolean is_key_server;
+	Boolean is_obliged_key_server;
+	char if_name[IFNAMSIZ];
+
+	int macsec_csindex;  /*  MACsec cipher suite table index */
+	int mka_algindex;  /* MKA alg table index */
+
+	u32 dist_kn;
+	u8 dist_an;
+	time_t dist_time;
+
+	u8 mka_version;
+	u8 algo_agility[4];
+	u32 sc_ch;
+
+	u32 pn_exhaustion;
+	Boolean port_enable;
+	Boolean rx_enable;
+	Boolean tx_enable;
+
+	struct dl_list participant_list;
+	enum macsec_policy policy;
+
+	struct ieee802_1x_cp_sm *cp;
+
+	struct l2_packet_data *l2_mka;
+
+	enum validate_frames vf;
+	enum confidentiality_offset co;
+};
+
+
+struct ieee802_1x_kay *
+ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
+		    const char *ifname, const u8 *addr);
+void ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay);
+
+struct ieee802_1x_mka_participant *
+ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
+			  struct mka_key_name *ckn, struct mka_key *cak,
+			  u32 life, enum mka_created_mode mode,
+			  Boolean is_authenticator);
+void ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay,
+			       struct mka_key_name *ckn);
+void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
+				    struct mka_key_name *ckn,
+				    Boolean status);
+int ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay);
+int ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
+				       int cs_index);
+
+int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
+				      struct ieee802_1x_mka_ki *lki, u8 lan,
+				      Boolean ltx, Boolean lrx);
+int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
+				   struct ieee802_1x_mka_ki *oki,
+				   u8 oan, Boolean otx, Boolean orx);
+int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
+			      struct ieee802_1x_mka_ki *lki);
+int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
+			      struct ieee802_1x_mka_ki *ki);
+int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
+				 struct ieee802_1x_mka_ki *lki);
+int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
+				 struct ieee802_1x_mka_ki *lki);
+int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);
+int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
+			   struct ieee802_1x_cp_conf *pconf);
+
+#endif /* IEEE802_1X_KAY_H */

src/pae/ieee802_1x_kay_i.h

@@ -0,0 +1,419 @@
+/*
+ * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_KAY_I_H
+#define IEEE802_1X_KAY_I_H
+
+#include "utils/list.h"
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+
+#define MKA_VERSION_ID              1
+
+/* IEEE Std 802.1X-2010, 11.11.1, Table 11-7 */
+enum mka_packet_type {
+	MKA_BASIC_PARAMETER_SET = MKA_VERSION_ID,
+	MKA_LIVE_PEER_LIST = 1,
+	MKA_POTENTIAL_PEER_LIST = 2,
+	MKA_SAK_USE = 3,
+	MKA_DISTRIBUTED_SAK = 4,
+	MKA_DISTRIBUTED_CAK = 5,
+	MKA_KMD = 6,
+	MKA_ANNOUNCEMENT = 7,
+	MKA_ICV_INDICATOR = 255
+};
+
+#define ICV_LEN                         16  /* 16 bytes */
+#define SAK_WRAPPED_LEN                 24
+/* KN + Wrapper SAK */
+#define DEFAULT_DIS_SAK_BODY_LENGTH     (SAK_WRAPPED_LEN + 4)
+#define MAX_RETRY_CNT                   5
+
+struct ieee802_1x_kay;
+
+struct ieee802_1x_mka_peer_id {
+	u8 mi[MI_LEN];
+	u32 mn;
+};
+
+struct ieee802_1x_kay_peer {
+	struct ieee802_1x_mka_sci sci;
+	u8 mi[MI_LEN];
+	u32 mn;
+	time_t expire;
+	Boolean is_key_server;
+	u8 key_server_priority;
+	Boolean macsec_desired;
+	enum macsec_cap macsec_capbility;
+	Boolean sak_used;
+	struct dl_list list;
+};
+
+struct key_conf {
+	u8 *key;
+	struct ieee802_1x_mka_ki ki;
+	enum confidentiality_offset offset;
+	u8 an;
+	Boolean tx;
+	Boolean rx;
+	int key_len; /* unit: byte */
+};
+
+struct data_key {
+	u8 *key;
+	int key_len;
+	struct ieee802_1x_mka_ki key_identifier;
+	enum confidentiality_offset confidentiality_offset;
+	u8 an;
+	Boolean transmits;
+	Boolean receives;
+	struct os_time created_time;
+	u32 next_pn;
+
+	/* not defined data */
+	Boolean rx_latest;
+	Boolean tx_latest;
+
+	int user;  /* FIXME: to indicate if it can be delete safely */
+
+	struct dl_list list;
+};
+
+/* TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6 */
+struct transmit_sc {
+	struct ieee802_1x_mka_sci sci; /* const SCI sci */
+	Boolean transmitting; /* bool transmitting (read only) */
+
+	struct os_time created_time; /* Time createdTime */
+
+	u8 encoding_sa; /* AN encodingSA (read only) */
+	u8 enciphering_sa; /* AN encipheringSA (read only) */
+
+	/* not defined data */
+	unsigned int channel;
+
+	struct dl_list list;
+	struct dl_list sa_list;
+};
+
+/* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
+struct transmit_sa {
+	Boolean in_use; /* bool inUse (read only) */
+	u32 next_pn; /* PN nextPN (read only) */
+	struct os_time created_time; /* Time createdTime */
+
+	Boolean enable_transmit; /* bool EnableTransmit */
+
+	u8 an;
+	Boolean confidentiality;
+	struct data_key *pkey;
+
+	struct transmit_sc *sc;
+	struct dl_list list; /* list entry in struct transmit_sc::sa_list */
+};
+
+/* ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6 */
+struct receive_sc {
+	struct ieee802_1x_mka_sci sci; /* const SCI sci */
+	Boolean receiving; /* bool receiving (read only) */
+
+	struct os_time created_time; /* Time createdTime */
+
+	unsigned int channel;
+
+	struct dl_list list;
+	struct dl_list sa_list;
+};
+
+/* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
+struct receive_sa {
+	Boolean enable_receive; /* bool enableReceive */
+	Boolean in_use; /* bool inUse (read only) */
+
+	u32 next_pn; /* PN nextPN (read only) */
+	u32 lowest_pn; /* PN lowestPN (read only) */
+	u8 an;
+	struct os_time created_time;
+
+	struct data_key *pkey;
+	struct receive_sc *sc; /* list entry in struct receive_sc::sa_list */
+
+	struct dl_list list;
+};
+
+struct macsec_ciphersuite {
+	u8 id[CS_ID_LEN];
+	char name[32];
+	enum macsec_cap capable;
+	int sak_len; /* unit: byte */
+
+	u32 index;
+};
+
+struct mka_alg {
+	u8 parameter[4];
+	size_t cak_len;
+	size_t kek_len;
+	size_t ick_len;
+	size_t icv_len;
+
+	int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
+	int (*ckn_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2,
+			const u8 *sid, size_t sid_len, u8 *ckn);
+	int (*kek_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *kek);
+	int (*ick_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *ick);
+	int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);
+
+	int index; /* index for configuring */
+};
+
+#define DEFAULT_MKA_ALG_INDEX 0
+
+/* See IEEE Std 802.1X-2010, 9.16 MKA management */
+struct ieee802_1x_mka_participant {
+	/* used for active and potential participant */
+	struct mka_key_name ckn;
+	struct mka_key cak;
+	Boolean cached;
+
+	/* used by management to monitor and control activation */
+	Boolean active;
+	Boolean participant;
+	Boolean retain;
+
+	enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;
+
+	/* used for active participant */
+	Boolean principal;
+	struct dl_list live_peers;
+	struct dl_list potential_peers;
+
+	/* not defined in IEEE 802.1X */
+	struct dl_list list;
+
+	struct mka_key kek;
+	struct mka_key ick;
+
+	struct ieee802_1x_mka_ki lki;
+	u8 lan;
+	Boolean ltx;
+	Boolean lrx;
+
+	struct ieee802_1x_mka_ki oki;
+	u8 oan;
+	Boolean otx;
+	Boolean orx;
+
+	Boolean is_key_server;
+	Boolean is_obliged_key_server;
+	Boolean can_be_key_server;
+	Boolean is_elected;
+
+	struct dl_list sak_list;
+	struct dl_list rxsc_list;
+
+	struct transmit_sc *txsc;
+
+	u8 mi[MI_LEN];
+	u32 mn;
+
+	struct ieee802_1x_mka_peer_id current_peer_id;
+	struct ieee802_1x_mka_sci current_peer_sci;
+	time_t cak_life;
+	time_t mka_life;
+	Boolean to_dist_sak;
+	Boolean to_use_sak;
+	Boolean new_sak;
+
+	Boolean advised_desired;
+	enum macsec_cap advised_capability;
+
+	struct data_key *new_key;
+	u32 retry_count;
+
+	struct ieee802_1x_kay *kay;
+};
+
+struct ieee802_1x_mka_hdr {
+	/* octet 1 */
+	u32 type:8;
+	/* octet 2 */
+	u32 reserve:8;
+	/* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	u32 length:4;
+	u32 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	u32 reserve1:4;
+	u32 length:4;
+#else
+#error "Please fix <bits/endian.h>"
+#endif
+	/* octet 4 */
+	u32 length1:8;
+};
+
+#define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)
+
+struct ieee802_1x_mka_basic_body {
+	/* octet 1 */
+	u32 version:8;
+	/* octet 2 */
+	u32 priority:8;
+	/* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	u32 length:4;
+	u32 macsec_capbility:2;
+	u32 macsec_desired:1;
+	u32 key_server:1;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	u32 key_server:1;
+	u32 macsec_desired:1;
+	u32 macsec_capbility:2;
+	u32 length:4;
+#endif
+	/* octet 4 */
+	u32 length1:8;
+
+	struct ieee802_1x_mka_sci actor_sci;
+	u8 actor_mi[MI_LEN];
+	u32 actor_mn;
+	u8 algo_agility[4];
+
+	/* followed by CAK Name*/
+	u8 ckn[0];
+};
+
+struct ieee802_1x_mka_peer_body {
+	/* octet 1 */
+	u32 type:8;
+	/* octet 2 */
+	u32 reserve:8;
+	/* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	u32 length:4;
+	u32 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	u32 reserve1:4;
+	u32 length:4;
+#endif
+	/* octet 4 */
+	u32 length1:8;
+
+	u8 peer[0];
+	/* followed by Peers */
+};
+
+struct ieee802_1x_mka_sak_use_body {
+	/* octet 1 */
+	u32 type:8;
+	/* octet 2 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	u32 orx:1;
+	u32 otx:1;
+	u32 oan:2;
+	u32 lrx:1;
+	u32 ltx:1;
+	u32 lan:2;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	u32 lan:2;
+	u32 ltx:1;
+	u32 lrx:1;
+	u32 oan:2;
+	u32 otx:1;
+	u32 orx:1;
+#endif
+
+	/* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	u32 length:4;
+	u32 delay_protect:1;
+	u32 reserve:1;
+	u32 prx:1;
+	u32 ptx:1;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	u32 ptx:1;
+	u32 prx:1;
+	u32 reserve:1;
+	u32 delay_protect:1;
+	u32 length:4;
+#endif
+
+	/* octet 4 */
+	u32 length1:8;
+
+	/* octet 5 - 16 */
+	u8 lsrv_mi[MI_LEN];
+	/* octet 17 - 20 */
+	u32 lkn;
+	/* octet 21 - 24 */
+	u32 llpn;
+
+	/* octet 25 - 36 */
+	u8 osrv_mi[MI_LEN];
+	/* octet 37 - 40 */
+	u32 okn;
+	/* octet 41 - 44 */
+	u32 olpn;
+};
+
+
+struct ieee802_1x_mka_dist_sak_body {
+	/* octet 1 */
+	u32 type:8;
+	/* octet 2 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	u32 reserve:4;
+	u32 confid_offset:2;
+	u32 dan:2;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	u32 dan:2;
+	u32 confid_offset:2;
+	u32 reserve:4;
+#endif
+	/* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	u32 length:4;
+	u32 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	u32 reserve1:4;
+	u32 length:4;
+#endif
+	/* octet 4 */
+	u32 length1:8;
+	/* octet 5 - 8 */
+	u32 kn;
+
+	/* for GCM-AES-128: octet 9-32: SAK
+	 * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK
+	 */
+	u8 sak[0];
+};
+
+
+struct ieee802_1x_mka_icv_body {
+	/* octet 1 */
+	u32 type:8;
+	/* octet 2 */
+	u32 reserve:8;
+	/* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+	u32 length:4;
+	u32 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+	u32 reserve1:4;
+	u32 length:4;
+#endif
+	/* octet 4 */
+	u32 length1:8;
+
+	/* octet 5 - */
+	u8 icv[0];
+};
+
+#endif /* IEEE802_1X_KAY_I_H */

src/pae/ieee802_1x_key.c

@@ -0,0 +1,189 @@
+/*
+ * IEEE 802.1X-2010 Key Hierarchy
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ *
+ * SAK derivation specified in IEEE Std 802.1X-2010, Clause 6.2
+*/
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "crypto/md5.h"
+#include "crypto/sha1.h"
+#include "crypto/aes_wrap.h"
+#include "crypto/crypto.h"
+#include "ieee802_1x_key.h"
+
+
+static void joint_two_mac(const u8 *mac1, const u8 *mac2, u8 *out)
+{
+	if (os_memcmp(mac1, mac2, ETH_ALEN) < 0) {
+		os_memcpy(out, mac1, ETH_ALEN);
+		os_memcpy(out + ETH_ALEN, mac2, ETH_ALEN);
+	} else {
+		os_memcpy(out, mac2, ETH_ALEN);
+		os_memcpy(out + ETH_ALEN, mac1, ETH_ALEN);
+	}
+}
+
+
+/* IEEE Std 802.1X-2010, 6.2.1 KDF */
+static int aes_kdf_128(const u8 *kdk, const char *label, const u8 *context,
+		       int ctx_bits, int ret_bits, u8 *ret)
+{
+	const int h = 128;
+	const int r = 8;
+	int i, n;
+	int lab_len, ctx_len, ret_len, buf_len;
+	u8 *buf;
+
+	lab_len = os_strlen(label);
+	ctx_len = (ctx_bits + 7) / 8;
+	ret_len = ((ret_bits & 0xffff) + 7) / 8;
+	buf_len = lab_len + ctx_len + 4;
+
+	os_memset(ret, 0, ret_len);
+
+	n = (ret_bits + h - 1) / h;
+	if (n > ((0x1 << r) - 1))
+		return -1;
+
+	buf = os_zalloc(buf_len);
+	if (buf == NULL)
+		return -1;
+
+	os_memcpy(buf + 1, label, lab_len);
+	os_memcpy(buf + lab_len + 2, context, ctx_len);
+	WPA_PUT_BE16(&buf[buf_len - 2], ret_bits);
+
+	for (i = 0; i < n; i++) {
+		buf[0] = (u8) (i + 1);
+		if (omac1_aes_128(kdk, buf, buf_len, ret)) {
+			os_free(buf);
+			return -1;
+		}
+		ret = ret + h / 8;
+	}
+	os_free(buf);
+	return 0;
+}
+
+
+/********** AES-CMAC-128 **********/
+/**
+ * ieee802_1x_cak_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 6.2.2
+ * CAK = KDF(Key, Label, mac1 | mac2, CAKlength)
+ */
+int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+				    const u8 *mac2, u8 *cak)
+{
+	u8 context[2 * ETH_ALEN];
+
+	joint_two_mac(mac1, mac2, context);
+	return aes_kdf_128(msk, "IEEE8021 EAP CAK",
+			   context, sizeof(context) * 8, 128, cak);
+}
+
+
+/**
+ * ieee802_1x_ckn_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 6.2.2
+ * CKN = KDF(Key, Label, ID | mac1 | mac2, CKNlength)
+ */
+int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+				    const u8 *mac2, const u8 *sid,
+				    size_t sid_bytes, u8 *ckn)
+{
+	int res;
+	u8 *context;
+	size_t ctx_len = sid_bytes + ETH_ALEN * 2;
+
+	context = os_zalloc(ctx_len);
+	if (!context) {
+		wpa_printf(MSG_ERROR, "MKA-%s: out of memory", __func__);
+		return -1;
+	}
+	os_memcpy(context, sid, sid_bytes);
+	joint_two_mac(mac1, mac2, context + sid_bytes);
+
+	res = aes_kdf_128(msk, "IEEE8021 EAP CKN", context, ctx_len * 8,
+			  128, ckn);
+	os_free(context);
+	return res;
+}
+
+
+/**
+ * ieee802_1x_kek_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 9.3.3
+ * KEK = KDF(Key, Label, Keyid, KEKLength)
+ */
+int ieee802_1x_kek_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+				    size_t ckn_bytes, u8 *kek)
+{
+	u8 context[16];
+
+	/* First 16 octets of CKN, with null octets appended to pad if needed */
+	os_memset(context, 0, sizeof(context));
+	os_memcpy(context, ckn, (ckn_bytes < 16) ? ckn_bytes : 16);
+
+	return aes_kdf_128(cak, "IEEE8021 KEK", context, sizeof(context) * 8,
+			   128, kek);
+}
+
+
+/**
+ * ieee802_1x_ick_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 9.3.3
+ * ICK = KDF(Key, Label, Keyid, ICKLength)
+ */
+int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+				    size_t ckn_bytes, u8 *ick)
+{
+	u8 context[16];
+
+	/* First 16 octets of CKN, with null octets appended to pad if needed */
+	os_memset(context, 0, sizeof(context));
+	os_memcpy(context, ckn, (ckn_bytes < 16) ? ckn_bytes : 16);
+
+	return aes_kdf_128(cak, "IEEE8021 ICK", context, sizeof(context) * 8,
+			   128, ick);
+}
+
+
+/**
+ * ieee802_1x_icv_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 9.4.1
+ * ICV = AES-CMAC(ICK, M, 128)
+ */
+int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
+				    size_t msg_bytes, u8 *icv)
+{
+	if (omac1_aes_128(ick, msg, msg_bytes, icv)) {
+		wpa_printf(MSG_ERROR, "MKA: omac1_aes_128 failed");
+		return -1;
+	}
+	return 0;
+}
+
+
+/**
+ * ieee802_1x_sak_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 9.8.1
+ * SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength)
+ */
+int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
+				    size_t ctx_bytes, u8 *sak)
+{
+	return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, 128, sak);
+}

src/pae/ieee802_1x_key.h

@@ -0,0 +1,26 @@
+/*
+ * IEEE 802.1X-2010 Key Hierarchy
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_KEY_H
+#define IEEE802_1X_KEY_H
+
+int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+				    const u8 *mac2, u8 *cak);
+int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+				    const u8 *mac2, const u8 *sid,
+				    size_t sid_bytes, u8 *ckn);
+int ieee802_1x_kek_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+				    size_t ckn_bytes, u8 *kek);
+int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+				    size_t ckn_bytes, u8 *ick);
+int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
+				    size_t msg_bytes, u8 *icv);
+int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
+				    size_t ctx_bytes, u8 *sak);
+
+#endif /* IEEE802_1X_KEY_H */

src/pae/ieee802_1x_secy_ops.c

@@ -0,0 +1,492 @@
+ /*
+ * SecY Operations
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/defs.h"
+#include "drivers/driver.h"
+#include "pae/ieee802_1x_kay.h"
+#include "pae/ieee802_1x_kay_i.h"
+#include "pae/ieee802_1x_secy_ops.h"
+
+
+int secy_cp_control_validate_frames(struct ieee802_1x_kay *kay,
+				    enum validate_frames vf)
+{
+	kay->vf = vf;
+	return 0;
+}
+
+
+int secy_cp_control_protect_frames(struct ieee802_1x_kay *kay, Boolean enabled)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->enable_protect_frames) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy enable_protect_frames operation not supported");
+		return -1;
+	}
+
+	return ops->enable_protect_frames(ops->ctx, enabled);
+}
+
+
+int secy_cp_control_replay(struct ieee802_1x_kay *kay, Boolean enabled, u32 win)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->set_replay_protect) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy set_replay_protect operation not supported");
+		return -1;
+	}
+
+	return ops->set_replay_protect(ops->ctx, enabled, win);
+}
+
+
+int secy_cp_control_current_cipher_suite(struct ieee802_1x_kay *kay,
+					 const u8 *cs, size_t cs_len)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->set_current_cipher_suite) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy set_current_cipher_suite operation not supported");
+		return -1;
+	}
+
+	return ops->set_current_cipher_suite(ops->ctx, cs, cs_len);
+}
+
+
+int secy_cp_control_confidentiality_offset(struct ieee802_1x_kay *kay,
+					   enum confidentiality_offset co)
+{
+	kay->co = co;
+	return 0;
+}
+
+
+int secy_cp_control_enable_port(struct ieee802_1x_kay *kay, Boolean enabled)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->enable_controlled_port) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy enable_controlled_port operation not supported");
+		return -1;
+	}
+
+	return ops->enable_controlled_port(ops->ctx, enabled);
+}
+
+
+int secy_get_receive_lowest_pn(struct ieee802_1x_kay *kay,
+			       struct receive_sa *rxsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !rxsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->get_receive_lowest_pn) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy get_receive_lowest_pn operation not supported");
+		return -1;
+	}
+
+	return ops->get_receive_lowest_pn(ops->ctx,
+					rxsa->sc->channel,
+					rxsa->an,
+					&rxsa->lowest_pn);
+}
+
+
+int secy_get_transmit_next_pn(struct ieee802_1x_kay *kay,
+			      struct transmit_sa *txsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !txsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->get_transmit_next_pn) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy get_receive_lowest_pn operation not supported");
+		return -1;
+	}
+
+	return ops->get_transmit_next_pn(ops->ctx,
+					txsa->sc->channel,
+					txsa->an,
+					&txsa->next_pn);
+}
+
+
+int secy_set_transmit_next_pn(struct ieee802_1x_kay *kay,
+			      struct transmit_sa *txsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !txsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->set_transmit_next_pn) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy get_receive_lowest_pn operation not supported");
+		return -1;
+	}
+
+	return ops->set_transmit_next_pn(ops->ctx,
+					txsa->sc->channel,
+					txsa->an,
+					txsa->next_pn);
+}
+
+
+int secy_get_available_receive_sc(struct ieee802_1x_kay *kay, u32 *channel)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->get_available_receive_sc) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy get_available_receive_sc operation not supported");
+		return -1;
+	}
+
+	return ops->get_available_receive_sc(ops->ctx, channel);
+}
+
+
+int secy_create_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !rxsc) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->create_receive_sc) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy create_receive_sc operation not supported");
+		return -1;
+	}
+
+	return ops->create_receive_sc(ops->ctx, rxsc->channel, &rxsc->sci,
+				      kay->vf, kay->co);
+}
+
+
+int secy_delete_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !rxsc) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->delete_receive_sc) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy delete_receive_sc operation not supported");
+		return -1;
+	}
+
+	return ops->delete_receive_sc(ops->ctx, rxsc->channel);
+}
+
+
+int secy_create_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !rxsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->create_receive_sa) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy create_receive_sa operation not supported");
+		return -1;
+	}
+
+	return ops->create_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an,
+				      rxsa->lowest_pn, rxsa->pkey->key);
+}
+
+
+int secy_enable_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !rxsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->enable_receive_sa) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy enable_receive_sa operation not supported");
+		return -1;
+	}
+
+	rxsa->enable_receive = TRUE;
+
+	return ops->enable_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an);
+}
+
+
+int secy_disable_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !rxsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->disable_receive_sa) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy disable_receive_sa operation not supported");
+		return -1;
+	}
+
+	rxsa->enable_receive = FALSE;
+
+	return ops->disable_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an);
+}
+
+
+int secy_get_available_transmit_sc(struct ieee802_1x_kay *kay, u32 *channel)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->get_available_transmit_sc) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy get_available_transmit_sc operation not supported");
+		return -1;
+	}
+
+	return ops->get_available_transmit_sc(ops->ctx, channel);
+}
+
+
+int secy_create_transmit_sc(struct ieee802_1x_kay *kay,
+			    struct transmit_sc *txsc)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !txsc) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->create_transmit_sc) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy create_transmit_sc operation not supported");
+		return -1;
+	}
+
+	return ops->create_transmit_sc(ops->ctx, txsc->channel, &txsc->sci,
+				       kay->co);
+}
+
+
+int secy_delete_transmit_sc(struct ieee802_1x_kay *kay,
+			    struct transmit_sc *txsc)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !txsc) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->delete_transmit_sc) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy delete_transmit_sc operation not supported");
+		return -1;
+	}
+
+	return ops->delete_transmit_sc(ops->ctx, txsc->channel);
+}
+
+
+int secy_create_transmit_sa(struct ieee802_1x_kay *kay,
+			    struct transmit_sa *txsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !txsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->create_transmit_sa) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy create_transmit_sa operation not supported");
+		return -1;
+	}
+
+	return ops->create_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an,
+					txsa->next_pn, txsa->confidentiality,
+					txsa->pkey->key);
+}
+
+
+int secy_enable_transmit_sa(struct ieee802_1x_kay *kay,
+			    struct transmit_sa *txsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !txsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->enable_transmit_sa) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy enable_transmit_sa operation not supported");
+		return -1;
+	}
+
+	txsa->enable_transmit = TRUE;
+
+	return ops->enable_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an);
+}
+
+
+int secy_disable_transmit_sa(struct ieee802_1x_kay *kay,
+			     struct transmit_sa *txsa)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay || !txsa) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->disable_transmit_sa) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy disable_transmit_sa operation not supported");
+		return -1;
+	}
+
+	txsa->enable_transmit = FALSE;
+
+	return ops->disable_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an);
+}
+
+
+int secy_init_macsec(struct ieee802_1x_kay *kay)
+{
+	int ret;
+	struct ieee802_1x_kay_ctx *ops;
+	struct macsec_init_params params;
+
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->macsec_init) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy macsec_init operation not supported");
+		return -1;
+	}
+
+	params.use_es = FALSE;
+	params.use_scb = FALSE;
+	params.always_include_sci = TRUE;
+
+	ret = ops->macsec_init(ops->ctx, &params);
+
+	return ret;
+}
+
+
+int secy_deinit_macsec(struct ieee802_1x_kay *kay)
+{
+	struct ieee802_1x_kay_ctx *ops;
+
+	if (!kay) {
+		wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+		return -1;
+	}
+
+	ops = kay->ctx;
+	if (!ops || !ops->macsec_deinit) {
+		wpa_printf(MSG_ERROR,
+			   "KaY: secy macsec_deinit operation not supported");
+		return -1;
+	}
+
+	return ops->macsec_deinit(ops->ctx);
+}

src/pae/ieee802_1x_secy_ops.h

@@ -0,0 +1,62 @@
+ /*
+ * SecY Operations
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_SECY_OPS_H
+#define IEEE802_1X_SECY_OPS_H
+
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+
+struct ieee802_1x_kay_conf;
+struct receive_sa;
+struct transmit_sa;
+struct receive_sc;
+struct transmit_sc;
+
+int secy_init_macsec(struct ieee802_1x_kay *kay);
+int secy_deinit_macsec(struct ieee802_1x_kay *kay);
+
+/****** CP -> SecY ******/
+int secy_cp_control_validate_frames(struct ieee802_1x_kay *kay,
+				    enum validate_frames vf);
+int secy_cp_control_protect_frames(struct ieee802_1x_kay *kay, Boolean flag);
+int secy_cp_control_replay(struct ieee802_1x_kay *kay, Boolean flag, u32 win);
+int secy_cp_control_current_cipher_suite(struct ieee802_1x_kay *kay,
+					 const u8 *cs, size_t cs_len);
+int secy_cp_control_confidentiality_offset(struct ieee802_1x_kay *kay,
+					   enum confidentiality_offset co);
+int secy_cp_control_enable_port(struct ieee802_1x_kay *kay, Boolean flag);
+
+/****** KaY -> SecY *******/
+int secy_get_receive_lowest_pn(struct ieee802_1x_kay *kay,
+			       struct receive_sa *rxsa);
+int secy_get_transmit_next_pn(struct ieee802_1x_kay *kay,
+			      struct transmit_sa *txsa);
+int secy_set_transmit_next_pn(struct ieee802_1x_kay *kay,
+			      struct transmit_sa *txsa);
+int secy_get_available_receive_sc(struct ieee802_1x_kay *kay, u32 *channel);
+int secy_create_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc);
+int secy_delete_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc);
+int secy_create_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa);
+int secy_enable_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa);
+int secy_disable_receive_sa(struct ieee802_1x_kay *kay,
+			    struct receive_sa *rxsa);
+
+int secy_get_available_transmit_sc(struct ieee802_1x_kay *kay, u32 *channel);
+int secy_create_transmit_sc(struct ieee802_1x_kay *kay,
+			    struct transmit_sc *txsc);
+int secy_delete_transmit_sc(struct ieee802_1x_kay *kay,
+			    struct transmit_sc *txsc);
+int secy_create_transmit_sa(struct ieee802_1x_kay *kay,
+			    struct transmit_sa *txsa);
+int secy_enable_transmit_sa(struct ieee802_1x_kay *kay,
+			    struct transmit_sa *txsa);
+int secy_disable_transmit_sa(struct ieee802_1x_kay *kay,
+			     struct transmit_sa *txsa);
+
+#endif /* IEEE802_1X_SECY_OPS_H */