Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.0/patches/2218812/?format=api
{ "id": 2218812, "url": "http://patchwork.ozlabs.org/api/1.0/patches/2218812/?format=api", "project": { "id": 22, "url": "http://patchwork.ozlabs.org/api/1.0/projects/22/?format=api", "name": "HostAP Development", "link_name": "hostap", "list_id": "hostap.lists.infradead.org", "list_email": "hostap@lists.infradead.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260401220220.4418-24-andrei.otcheretianski@intel.com>", "date": "2026-04-01T22:01:32", "name": "[23/71] wpa_supplicant: Add security parameters to NAN DP request and response", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "fcf3c121f546a6abee668f2d1d756032fee5afbc", "submitter": { "id": 62065, "url": "http://patchwork.ozlabs.org/api/1.0/people/62065/?format=api", "name": "Andrei Otcheretianski", "email": "andrei.otcheretianski@intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20260401220220.4418-24-andrei.otcheretianski@intel.com/mbox/", "series": [ { "id": 498402, "url": "http://patchwork.ozlabs.org/api/1.0/series/498402/?format=api", "date": "2026-04-01T22:01:09", "name": "NAN Data Path and Bootstrapping support", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/498402/mbox/" } ], "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2218812/checks/", "tags": {}, "headers": { "Return-Path": "\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=lawKxWrA;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=U5tQ7jQm;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fmJwz30ysz1yFv\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 02 Apr 2026 09:06:43 +1100 (AEDT)", "from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1w83hQ-0000000GAki-15pU;\n\tWed, 01 Apr 2026 22:06:08 +0000", "from mgamail.intel.com ([198.175.65.20])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1w83gw-0000000G9xK-1VMo\n\tfor hostap@lists.infradead.org;\n\tWed, 01 Apr 2026 22:05:41 +0000", "from fmviesa003.fm.intel.com ([10.60.135.143])\n by orvoesa112.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 01 Apr 2026 15:05:38 -0700", "from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 01 Apr 2026 15:05:37 -0700" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:To:From:Reply-To:Cc:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=RaVSJx1msG/iUIAJOtMtYqIgSA1dDI1TtfStd4STW5g=; b=lawKxWrAFDyWD5\n\tESft91qxPCxY8B9nusXwYLwiWZ+tCCBLqinVd7I4UwARtrwX6lX+bq/smywp0omi5LxPexKpP9tQB\n\t4Qjdw4iAxNUQh4u5uq1mAPA1cfhajMQr7uM7EsDCTWHapNry+rM7xmFG8bEXtStH1Es+/jMwFAa9v\n\twR0WZYrilIDkjUFBfxomMa4gZCOB5FSN0WSiQ8CdP2nL3nseAAz58RyeTJggOlrcmX1VkZjfk/Uvi\n\t+VE2wmcVIbm0dEpZNhdYW1BlALUe1ZGUtOSAFxJDQXI7HLv39ABGAcIVZM4GY80/Ku7WIYQLh/sCZ\n\tCpBJCsi6vtq7v0D8UlPw==;", "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1775081138; x=1806617138;\n h=from:to:subject:date:message-id:in-reply-to:references:\n mime-version:content-transfer-encoding;\n bh=s9ZCs2vf51wfBanrtliBOFnFptWzE3rlqpht3ohesDc=;\n b=U5tQ7jQm1AupXeWQjceZ3kXIcNG7GqipAhMPeGwB8JqqfuRe7fEUxWcR\n bdz8tZkfztly1QhSHbK8CKKOBf2dUZg/YRJTqHAuYGB0ygja8MGljZUs1\n g2Ny0rFGyl4htv3vFbXCFjgpMrzFGgDOTvVNokAvEegSoSZtM9vu+3oVx\n Y5qs9A37aNyoptSIV0DZS2gSmwbkpUoKWmgYQtbAXAnNv9VZnvDrhruYJ\n o6kajXB3gI3KewHfJbkEUzzsvrwe/37RT9r8+FqPTEGM38BaW89tAGCrE\n o5+/1pyge7/g7y+cd96ozP2fNTiOIU5SJ73u5vfHzaon2w0t2IedZXTeS\n A==;" ], "X-CSE-ConnectionGUID": [ "A53vkQKIQIeWTyJAcSloKA==", "ANgmNyJQSy2B+jAYBG0SdA==" ], "X-CSE-MsgGUID": [ "YUMO7/lFQBCE59+uCz1Kjg==", "KEBH66PEQ5af4K7PyIGthQ==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11746\"; a=\"75851603\"", "E=Sophos;i=\"6.23,153,1770624000\";\n d=\"scan'208\";a=\"75851603\"" ], "X-ExtLoop1": "1", "From": "Andrei Otcheretianski <andrei.otcheretianski@intel.com>", "To": "hostap@lists.infradead.org", "Subject": "[PATCH 23/71] wpa_supplicant: Add security parameters to NAN DP\n request and response", "Date": "Thu, 2 Apr 2026 01:01:32 +0300", "Message-ID": "<20260401220220.4418-24-andrei.otcheretianski@intel.com>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260401220220.4418-1-andrei.otcheretianski@intel.com>", "References": "<20260401220220.4418-1-andrei.otcheretianski@intel.com>", "MIME-Version": "1.0", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20260401_150539_226829_00DA2B22 ", "X-CRM114-Status": "GOOD ( 17.86 )", "X-Spam-Score": "-1.9 (-)", "X-Spam-Report": "Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: Add CSID and password parameters to NAN_NDP_REQUEST and\n NAN_NDP_RESPONSE\n commands. Signed-off-by: Andrei Otcheretianski\n <andrei.otcheretianski@intel.com>\n --- src/common/nan_defs.h | 2 + wpa_supplicant/nan_supplicant.c | 114\n +++++++++++++++++++++++++++++---\n 2 files changed, 107 inser [...]\n Content analysis details: (-1.9 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,\n medium trust\n [198.175.65.20 listed in list.dnswl.org]\n 1.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to\n Validity was blocked. See\n https://knowledge.validity.com/hc/en-us/articles/20961730681243\n for more information.\n [198.175.65.20 listed in\n bl.score.senderscore.com]\n 1.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The\n query to Validity was blocked. See\n https://knowledge.validity.com/hc/en-us/articles/20961730681243\n for more information.\n [198.175.65.20 listed in\n sa-trusted.bondedsender.org]\n 1.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to\n Validity was blocked. See\n https://knowledge.validity.com/hc/en-us/articles/20961730681243\n for more information.\n [198.175.65.20 listed in sa-accredit.habeas.com]\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS SPF: sender matches SPF record\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's\n domain\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.5 DKIMWL_WL_HIGH DKIMwl.org - High trust sender", "X-BeenThere": "hostap@lists.infradead.org", "X-Mailman-Version": "2.1.34", "Precedence": "list", "List-Id": "<hostap.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>", "List-Post": "<mailto:hostap@lists.infradead.org>", "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>", "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "Add CSID and password parameters to NAN_NDP_REQUEST and NAN_NDP_RESPONSE\ncommands.\n\nSigned-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>\n---\n src/common/nan_defs.h | 2 +\n wpa_supplicant/nan_supplicant.c | 114 +++++++++++++++++++++++++++++---\n 2 files changed, 107 insertions(+), 9 deletions(-)", "diff": "diff --git a/src/common/nan_defs.h b/src/common/nan_defs.h\nindex 487526c799..288ddfe7da 100644\n--- a/src/common/nan_defs.h\n+++ b/src/common/nan_defs.h\n@@ -461,6 +461,8 @@ enum nan_cipher_suite_id {\n \tNAN_CS_GTK_GCMP_256 = 6,\n \tNAN_CS_PK_PASN_128 = 7,\n \tNAN_CS_PK_PASN_256 = 8,\n+\t/* Keep last */\n+\tNAN_CS_MAX,\n };\n \n struct nan_cipher_suite {\ndiff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c\nindex 266dcb05b6..eb740c8a5f 100644\n--- a/wpa_supplicant/nan_supplicant.c\n+++ b/wpa_supplicant/nan_supplicant.c\n@@ -1243,14 +1243,70 @@ static int wpas_nan_set_ndp_schedule(struct wpa_supplicant *wpa_s,\n }\n \n \n+static int wpas_nan_fill_nd_pmk(struct wpa_supplicant *wpa_s,\n+\t\t\t\tstruct nan_ndp_params *ndp,\n+\t\t\t\tint handle,\n+\t\t\t\tconst u8 *publisher_nmi,\n+\t\t\t\tconst char *pwd)\n+{\n+\tu8 service_id[NAN_SERVICE_ID_LEN];\n+\n+\tif (ndp->sec.csid < NAN_CS_NONE || ndp->sec.csid >= NAN_CS_MAX) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: Invalid CSID value: %d\",\n+\t\t\t ndp->sec.csid);\n+\t\treturn -1;\n+\t}\n+\n+\tif (ndp->sec.csid == NAN_CS_NONE)\n+\t\treturn 0;\n+\n+\t/* Security parameters are not needed in confirmation */\n+\tif (ndp->type == NAN_NDP_ACTION_CONF)\n+\t\treturn 0;\n+\n+\tif (!(wpa_s->nan_supported_csids & BIT(ndp->sec.csid))) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t \"NAN: Requested CSID %d not supported\",\n+\t\t\t\t ndp->sec.csid);\n+\t\t\treturn -1;\n+\t}\n+\n+\tif (!pwd || os_strlen(pwd) == 0) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: Password required for CSID %d\",\n+\t\t\t ndp->sec.csid);\n+\t\treturn -1;\n+\t}\n+\n+\t/*\n+\t * Get service ID from the local handle (subscribe on\n+\t * requester and publish on responder)\n+\t */\n+\tif (!nan_de_is_valid_instance_id(wpa_s->nan_de,\n+\t\t\t\t\thandle,\n+\t\t\t\t\tndp->type == NAN_NDP_ACTION_RESP,\n+\t\t\t\t\tservice_id)) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: Invalid service instance handle: %d\",\n+\t\t\t handle);\n+\t\treturn -1;\n+\t}\n+\n+\treturn nan_crypto_derive_nd_pmk(pwd, service_id, ndp->sec.csid,\n+\t\t\t\t\tpublisher_nmi, ndp->sec.pmk);\n+}\n+\n+\n /* Command format NAN_NDP_REQUEST handle=<id> ndi=<ifname> peer_nmi=<nmi>\n- peer_id=<peer_instance_id> ssi=<hexdata> qos=<slots:latency> */\n+ peer_id=<peer_instance_id> ssi=<hexdata> qos=<slots:latency>\n+ [csid = <cipher_suite> password=<string>] */\n int wpas_nan_ndp_request(struct wpa_supplicant *wpa_s, char *cmd)\n {\n \tstruct nan_ndp_params ndp;\n \tstruct wpabuf *ssi_buf = NULL;\n \tchar *token, *context = NULL;\n-\tchar *pos;\n+\tchar *pos, *pwd = NULL;\n \tint handle = -1;\n \tint ret = -1;\n \n@@ -1338,7 +1394,10 @@ int wpas_nan_ndp_request(struct wpa_supplicant *wpa_s, char *cmd)\n \t\t\t\t\t pos);\n \t\t\t\tgoto fail;\n \t\t\t}\n-\n+\t\t} else if (os_strcmp(token, \"csid\") == 0) {\n+\t\t\tndp.sec.csid = atoi(pos);\n+\t\t} else if (os_strcmp(token, \"password\") == 0) {\n+\t\t\tpwd = pos;\n \t\t} else {\n \t\t\twpa_printf(MSG_DEBUG, \"NAN: Unknown parameter: %s\",\n \t\t\t\t token);\n@@ -1371,6 +1430,14 @@ int wpas_nan_ndp_request(struct wpa_supplicant *wpa_s, char *cmd)\n \t\tgoto fail;\n \t}\n \n+\t/* Derive NDP PMK if needed */\n+\tif (wpas_nan_fill_nd_pmk(wpa_s, &ndp, handle,\n+\t\t\t\t ndp.ndp_id.peer_nmi, pwd) < 0) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: Failed to derive NDP PMK\");\n+\t\tgoto fail;\n+\t}\n+\n \tif (wpas_nan_set_ndp_schedule(wpa_s, &ndp)) {\n \t\twpa_printf(MSG_DEBUG,\n \t\t\t \"NAN: Failed to set NDP schedule\");\n@@ -1392,13 +1459,15 @@ fail:\n /* Command format NAN_NDP_RESPONSE accept|reject peer_nmi=<nmi>\n [reason_code=<reject_reason>]\n [ndi=<ifname> handle=<service_handle> init_ndi=<ndi>\n- ndp_id=<id> [ssi=<hexdata>] [qos=<slots:latency>]] */\n+ ndp_id=<id> [ssi=<hexdata>] [qos=<slots:latency>]\n+ [csid=<csid> password=<string>]] */\n int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n {\n \tstruct nan_ndp_params ndp;\n \tstruct wpabuf *ssi_buf = NULL;\n \tchar *token, *context = NULL;\n-\tchar *pos;\n+\tchar *pos, *pwd = NULL;\n+\tint handle = -1;\n \tint ret = -1;\n \n \tos_memset(&ndp, 0, sizeof(ndp));\n@@ -1497,19 +1566,50 @@ int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n \t\t\t\t\t pos);\n \t\t\t\tgoto fail;\n \t\t\t}\n+\t\t} else if (os_strcmp(token, \"handle\") == 0) {\n+\t\t\thandle = atoi(pos);\n+\t\t} else if (os_strcmp(token, \"csid\") == 0) {\n+\t\t\tndp.sec.csid = atoi(pos);\n+\t\t} else if (os_strcmp(token, \"password\") == 0) {\n+\t\t\tpwd = pos;\n \t\t} else {\n \t\t\twpa_printf(MSG_DEBUG, \"NAN: Unknown parameter: %s\",\n \t\t\t\t token);\n \t\t}\n \t}\n \n+\t/* If we initiated the NDP setup, we are the subscriber */\n+\tif (ether_addr_equal(ndp.u.resp.resp_ndi,\n+\t\t\t ndp.ndp_id.init_ndi))\n+\t\tndp.type = NAN_NDP_ACTION_CONF;\n+\n \t/* Validate required parameters for accept case */\n \tif (ndp.u.resp.status == NAN_NDP_STATUS_ACCEPTED) {\n+\t\tu8 *publisher_nmi;\n+\n \t\tif (is_zero_ether_addr(ndp.u.resp.resp_ndi)) {\n \t\t\twpa_printf(MSG_DEBUG,\n \t\t\t\t \"NAN: Missing required parameter for accept: ndi\");\n \t\t\tgoto fail;\n \t\t}\n+\n+\t\tif (ndp.type == NAN_NDP_ACTION_CONF)\n+\t\t\tpublisher_nmi = ndp.ndp_id.peer_nmi;\n+\t\telse\n+\t\t\tpublisher_nmi = wpa_s->own_addr;\n+\n+\t\tif (handle < 1) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t \"NAN: Missing required parameter for accept: handle\");\n+\t\t\tgoto fail;\n+\t\t}\n+\n+\t\t/* Fill the ND-PMK if needed */\n+\t\tif (wpas_nan_fill_nd_pmk(wpa_s, &ndp, handle,\n+\t\t\t\t\t publisher_nmi, pwd)) {\n+\t\t\twpa_printf(MSG_DEBUG, \"NAN: Failed to derive NDP PMK\");\n+\t\t\tgoto fail;\n+\t\t}\n \t}\n \n \t/* Validate common required parameters */\n@@ -1542,10 +1642,6 @@ int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n \t\tgoto fail;\n \t}\n \n-\t/* If we initiated the NDP setup, this must be the confirmation */\n-\tif (ether_addr_equal(ndp.u.resp.resp_ndi, ndp.ndp_id.init_ndi))\n-\t\tndp.type = NAN_NDP_ACTION_CONF;\n-\n \tret = nan_handle_ndp_setup(wpa_s->nan, &ndp);\n \tif (ret < 0)\n \t\twpa_printf(MSG_DEBUG, \"NAN: Failed to handle NDP response\");\n", "prefixes": [ "23/71" ] }