Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2229830/?format=api
{ "id": 2229830, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2229830/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-26-andrei.otcheretianski@intel.com/", "project": { "id": 22, "url": "http://patchwork.ozlabs.org/api/1.1/projects/22/?format=api", "name": "HostAP Development", "link_name": "hostap", "list_id": "hostap.lists.infradead.org", "list_email": "hostap@lists.infradead.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260428200639.40243-26-andrei.otcheretianski@intel.com>", "date": "2026-04-28T20:05:26", "name": "[25/97] NAN: Add BIGTK KDE to NDP setup messages", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "a447a669e27f97993f0d1e6015de38c69580a9cb", "submitter": { "id": 62065, "url": "http://patchwork.ozlabs.org/api/1.1/people/62065/?format=api", "name": "Andrei Otcheretianski", "email": "andrei.otcheretianski@intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-26-andrei.otcheretianski@intel.com/mbox/", "series": [ { "id": 501927, "url": "http://patchwork.ozlabs.org/api/1.1/series/501927/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/list/?series=501927", "date": "2026-04-28T20:05:05", "name": "NAN: Group keys support, schedule update and more", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501927/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2229830/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2229830/checks/", "tags": {}, "headers": { "Return-Path": "\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=VOhZIeQW;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=mQ5HqJ29;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4s3w46z9z1yHv\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 06:10:04 +1000 (AEST)", "from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHokK-00000002Eyi-3eqe;\n\tTue, 28 Apr 2026 20:09:28 +0000", "from mgamail.intel.com ([198.175.65.16])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHoin-00000002Cfh-3Z2h\n\tfor hostap@lists.infradead.org;\n\tTue, 28 Apr 2026 20:07:56 +0000", "from fmviesa001.fm.intel.com ([10.60.135.141])\n by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:07:54 -0700", "from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:07:52 -0700" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=520amVaEBX8hbfWg5Lx9HIERqT4jDPk4gTCGLaHgQOM=; b=VOhZIeQWZNnnL6\n\tlh5dKy+wvS6yzuFaE9F0snen5C0PXh/HiB8VnZJnrtKyXc8XSYxSrmWjck+vUA8U0JV9hhpsVWBPh\n\tPaPhmwzpE/848lB8cNBKs/x3SRRIcZR8scxkdqLKnWkKzYqTLHhFb8I43OF0qJNAxrKSpd9Y2U+PO\n\t8Zpljw/TzhD5szfEDH+h5k2SKib2Vvzdcw3HXLDNM9nMGiGvfKc2zDhz+uSD5gWqTfloVBve+6KSd\n\tRQPdwVmUErFHbvBg4whVlcVf344fQRMqW7NgtHVdTzVf/eI9LxMJ2ZNyXaVRdIvbDVnrx2dYiD+3U\n\t7yk6+pCkJxtrZD1aD1qw==;", "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1777406874; x=1808942874;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=hnGx7SZKsxi0W7ojFbD6XxrCvmN2bBtZNxeBFekJDOk=;\n b=mQ5HqJ29GwHFKTM2Q0jzQvgy1IjTpb3xbQL9/xfXVtfVKu4kYoPJa0YJ\n U8Jm4PqDiu32yVPtAgUhLbfT/7bDrf653FEkmsx3hoRZ4OhwSz8ef1mnB\n zexssXiBbxKPA5YanwnPqIwNhao0RxVyXEEG48JADjjGhgLGZdK8jcOvU\n 9BOwHnEEWmmVGuektL+m11HfaMng5rPi+IR42RXkRIXOs0oTyYLMJFPBH\n KaTJO79KGK2t91mbI8b+HJ/2wgJez+3DObROitefbgA5ZAB7Yp7sNlKfl\n GU1+3c65KWRwobHIbr4F8w9tabiG4q8slb1TxgRMVRgIK7wq5xaDlgtBF\n g==;" ], "X-CSE-ConnectionGUID": [ "7M5ZgopNRTuWLBcOxEywRA==", "nqaE1Nu0TsSiBxq+lHPasg==" ], "X-CSE-MsgGUID": [ "bPxmEyV1R9GKfcJWG3Iuew==", "9+vK8L+1S/yIcE+TDIg3VQ==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11770\"; a=\"78519351\"", "E=Sophos;i=\"6.23,204,1770624000\";\n d=\"scan'208\";a=\"78519351\"", "E=Sophos;i=\"6.23,204,1770624000\";\n d=\"scan'208\";a=\"257610111\"" ], "X-ExtLoop1": "1", "From": "Andrei Otcheretianski <andrei.otcheretianski@intel.com>", "To": "hostap@lists.infradead.org", "Cc": "vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>", "Subject": "[PATCH 25/97] NAN: Add BIGTK KDE to NDP setup messages", "Date": "Tue, 28 Apr 2026 23:05:26 +0300", "Message-ID": "<20260428200639.40243-26-andrei.otcheretianski@intel.com>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260428200639.40243-1-andrei.otcheretianski@intel.com>", "References": "<20260428200639.40243-1-andrei.otcheretianski@intel.com>", "MIME-Version": "1.0", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20260428_130754_133361_3B17B70C ", "X-CRM114-Status": "GOOD ( 17.87 )", "X-Spam-Score": "-4.5 (----)", "X-Spam-Report": "Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: From: Avraham Stern <avraham.stern@intel.com> If BIGTK is\n supported by both peers, add the BIGTK KDE to NDP setup M3 and M4 messages.\n The KDE is added to the key data field and is encrypted by the KEK. The\n local\n BIGTK is randomized and installed [...]\n Content analysis details: (-4.5 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,\n medium trust\n [198.175.65.16 listed in list.dnswl.org]\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS SPF: sender matches SPF record\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's\n domain\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.1 DKIMWL_WL_HIGH DKIMwl.org - High trust sender", "X-BeenThere": "hostap@lists.infradead.org", "X-Mailman-Version": "2.1.34", "Precedence": "list", "List-Id": "<hostap.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>", "List-Post": "<mailto:hostap@lists.infradead.org>", "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>", "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "From: Avraham Stern <avraham.stern@intel.com>\n\nIf BIGTK is supported by both peers, add the BIGTK KDE to NDP setup\nM3 and M4 messages. The KDE is added to the key data field and is\nencrypted by the KEK. The local BIGTK is randomized and installed\nwhen NAN is started.\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n src/nan/nan.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++-\n src/nan/nan_i.h | 5 +++++\n src/nan/nan_sec.c | 38 ++++++++++++++++++++++++++++++++++-\n 3 files changed, 92 insertions(+), 2 deletions(-)", "diff": "diff --git a/src/nan/nan.c b/src/nan/nan.c\nindex 6babdf51f1..0ea2c28b34 100644\n--- a/src/nan/nan.c\n+++ b/src/nan/nan.c\n@@ -226,6 +226,45 @@ static int nan_gen_igtk(struct nan_data *nan)\n }\n \n \n+static int nan_gen_bigtk(struct nan_data *nan)\n+{\n+\tu8 tsc[RSN_PN_LEN];\n+\tenum wpa_alg alg;\n+\tint cipher;\n+\n+\tif (((nan->cfg->security_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>\n+\t NAN_CS_INFO_CAPA_GTK_SUPP_POS) != NAN_CS_INFO_CAPA_GTK_SUPP_ALL) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: BIGTK not supported\");\n+\t\treturn 0;\n+\t}\n+\n+\tif (nan->cfg->security_capab &\n+\t NAN_CS_INFO_CAPA_IGTK_USE_NCS_BIP_GMAC_256) {\n+\t\talg = WPA_ALG_BIP_GMAC_256;\n+\t\tcipher = WPA_CIPHER_BIP_GMAC_256;\n+\t} else {\n+\t\talg = WPA_ALG_BIP_CMAC_128;\n+\t\tcipher = WPA_CIPHER_AES_128_CMAC;\n+\t}\n+\n+\tnan->bigtk.bigtk_len = wpa_cipher_key_len(cipher);\n+\tnan->bigtk_id = 6;\n+\tos_get_random(nan->bigtk.bigtk, nan->bigtk.bigtk_len);\n+\tos_memset(tsc, 0, sizeof(tsc));\n+\tif (nan->cfg->set_group_key(nan->cfg->cb_ctx, alg, broadcast_ether_addr,\n+\t\t\t\t nan->bigtk_id, tsc, nan->bigtk.bigtk,\n+\t\t\t\t nan->bigtk.bigtk_len,\n+\t\t\t\t KEY_FLAG_GROUP_TX_DEFAULT) < 0) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Failed to install own BIGTK\");\n+\t\treturn -1;\n+\t}\n+\n+\twpa_hexdump_key(MSG_DEBUG, \"NAN: New own BIGTK\", nan->bigtk.bigtk,\n+\t\t\tnan->bigtk.bigtk_len);\n+\treturn 0;\n+}\n+\n+\n int nan_start(struct nan_data *nan, const struct nan_cluster_config *config)\n {\n \tint ret;\n@@ -244,7 +283,7 @@ int nan_start(struct nan_data *nan, const struct nan_cluster_config *config)\n \t}\n \tnan->nan_started = 1;\n \n-\tif (nan_gen_igtk(nan) < 0) {\n+\tif (nan_gen_igtk(nan) < 0 || nan_gen_bigtk(nan) < 0) {\n \t\tnan_stop(nan);\n \t\treturn -1;\n \t}\n@@ -307,6 +346,16 @@ void nan_stop(struct nan_data *nan)\n \t\tnan->igtk_id = 0;\n \t}\n \n+\tif (nan->bigtk.bigtk_len) {\n+\t\tif (nan->cfg->set_group_key(nan->cfg->cb_ctx, WPA_ALG_NONE,\n+\t\t\t\t\t NULL, nan->bigtk_id, NULL, NULL,\n+\t\t\t\t\t 0, KEY_FLAG_GROUP))\n+\t\t\twpa_printf(MSG_DEBUG, \"NAN: Failed to clear Own BIGTK\");\n+\n+\t\tnan->bigtk.bigtk_len = 0;\n+\t\tnan->bigtk_id = 0;\n+\t}\n+\n \tnan_flush(nan);\n \tnan->cfg->stop(nan->cfg->cb_ctx);\n }\ndiff --git a/src/nan/nan_i.h b/src/nan/nan_i.h\nindex 5f43d5325e..e3babcd171 100644\n--- a/src/nan/nan_i.h\n+++ b/src/nan/nan_i.h\n@@ -563,6 +563,8 @@ struct nan_peer {\n * @responder_pmksa: PMKSA cache for PASN-PMK authentication as a responder\n * @igtk: IGTK for NAN secure NDP\n * @igtk_id: Key ID of the IGTK\n+ * @bigtk: BIGTK for NAN secure NDP\n+ * @bigtk_id: Key ID of the BIGTK\n */\n struct nan_data {\n \tstruct nan_config *cfg;\n@@ -582,6 +584,9 @@ struct nan_data {\n \n \tstruct wpa_igtk igtk;\n \tu8 igtk_id;\n+\n+\tstruct wpa_bigtk bigtk;\n+\tu8 bigtk_id;\n };\n \n struct nan_attrs_entry {\ndiff --git a/src/nan/nan_sec.c b/src/nan/nan_sec.c\nindex 07dd47dbae..115fb137a2 100644\n--- a/src/nan/nan_sec.c\n+++ b/src/nan/nan_sec.c\n@@ -808,8 +808,41 @@ static int nan_sec_igtk_kde(struct nan_data *nan, struct wpabuf *buf)\n \treturn 0;\n }\n \n+#define NAN_KDES_MAX_LEN \\\n+\t(KDE_HDR_LEN + sizeof(struct wpa_igtk_kde) + KDE_HDR_LEN + \\\n+\t sizeof(struct wpa_bigtk_kde))\n \n-#define NAN_KDES_MAX_LEN\t(KDE_HDR_LEN + sizeof(struct wpa_igtk_kde))\n+static int nan_sec_bigtk_kde(struct nan_data *nan, struct nan_ndp_sec *ndp_sec,\n+\t\t\t struct wpabuf *buf)\n+{\n+\tu8 tsc[RSN_PN_LEN];\n+\n+\tif (((ndp_sec->i_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>\n+\t NAN_CS_INFO_CAPA_GTK_SUPP_POS) != NAN_CS_INFO_CAPA_GTK_SUPP_ALL) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: BIGTK not supported by initiator\");\n+\t\treturn 0;\n+\t}\n+\n+\tif (((ndp_sec->r_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>\n+\t NAN_CS_INFO_CAPA_GTK_SUPP_POS) != NAN_CS_INFO_CAPA_GTK_SUPP_ALL) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: BIGTK not supported by responder\");\n+\t\treturn 0;\n+\t}\n+\n+\tif (nan->cfg->get_seqnum(nan->cfg->cb_ctx, nan->bigtk_id, tsc) < 0) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Failed to get BIGTK seqnum\");\n+\t\treturn -1;\n+\t}\n+\n+\tnan_add_kde_hdr(buf, RSN_KEY_DATA_BIGTK,\n+\t\t\tWPA_BIGTK_KDE_PREFIX_LEN + nan->bigtk.bigtk_len);\n+\twpabuf_put_le16(buf, nan->bigtk_id);\n+\twpabuf_put_data(buf, tsc, sizeof(tsc));\n+\twpabuf_put_data(buf, nan->bigtk.bigtk, nan->bigtk.bigtk_len);\n+\treturn 0;\n+}\n \n \n static bool nan_sec_igtk_supported(struct nan_ndp_sec *ndp_sec)\n@@ -853,6 +886,9 @@ static int nan_sec_add_kdes(struct nan_data *nan,\n \tif (nan_sec_igtk_kde(nan, kde_buf) < 0)\n \t\tgoto fail;\n \n+\tif (nan_sec_bigtk_kde(nan, ndp_sec, kde_buf) < 0)\n+\t\tgoto fail;\n+\n \tenc_kde = nan_crypto_encrypt_key_data(kde_buf, ndp_sec->ptk.kek,\n \t\t\t\t\t ndp_sec->ptk.kek_len);\n \tif (!enc_kde) {\n", "prefixes": [ "25/97" ] }