Patch Detail
GET /api/1.1/patches/2229833/?format=api
{ "id": 2229833, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2229833/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-27-andrei.otcheretianski@intel.com/", "project": { "id": 22, "url": "http://patchwork.ozlabs.org/api/1.1/projects/22/?format=api", "name": "HostAP Development", "link_name": "hostap", "list_id": "hostap.lists.infradead.org", "list_email": "hostap@lists.infradead.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260428200639.40243-27-andrei.otcheretianski@intel.com>", "date": "2026-04-28T20:05:27", "name": "[26/97] NAN: Process IGTK KDE from NDP setup messages", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "a8856e485aa0d720f7decf874fba42f2ddea1ec4", "submitter": { "id": 62065, "url": "http://patchwork.ozlabs.org/api/1.1/people/62065/?format=api", "name": "Andrei Otcheretianski", "email": "andrei.otcheretianski@intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-27-andrei.otcheretianski@intel.com/mbox/", "series": [ { "id": 501927, "url": "http://patchwork.ozlabs.org/api/1.1/series/501927/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/list/?series=501927", "date": "2026-04-28T20:05:05", "name": "NAN: Group keys support, schedule update and more", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501927/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2229833/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2229833/checks/", "tags": {}, "headers": { "From": "Andrei Otcheretianski <andrei.otcheretianski@intel.com>", "To": "hostap@lists.infradead.org", "Cc": "vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>", "Subject": "[PATCH 26/97] NAN: Process IGTK KDE from NDP setup messages", "Date": "Tue, 28 Apr 2026 23:05:27 +0300", "Message-ID": "<20260428200639.40243-27-andrei.otcheretianski@intel.com>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260428200639.40243-1-andrei.otcheretianski@intel.com>", "References": "<20260428200639.40243-1-andrei.otcheretianski@intel.com>", "MIME-Version": "1.0", "List-Id": "<hostap.lists.infradead.org>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit" }, "content": "From: Avraham Stern <avraham.stern@intel.com>\n\nWhen an IGTK KDE
is included in the key data field of NDP setup\nM3 and M4 messages, parse the KDE and install the IGTK for Rx\nfrom this peer.\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n src/nan/nan_i.h | 3 ++\n src/nan/nan_sec.c | 114 ++++++++++++++++++++++++++++++++++++++++++++--\n 2 files changed, 112 insertions(+), 5 deletions(-)", "diff": "diff --git a/src/nan/nan_i.h b/src/nan/nan_i.h\nindex e3babcd171..a21e9d3f8e 100644\n--- a/src/nan/nan_i.h\n+++ b/src/nan/nan_i.h\n@@ -528,6 +528,7 @@ struct nan_pairing_peer_data {\n * @ndl: NDL data associated with this peer\n * @bootstrap: Bootstrap information of the peer\n * @pairing: Pairing data associated with this peer\n+ * @igtk_id: IGTK key ID used with this peer. Zero if IGTK is not used.\n */\n struct nan_peer {\n \tstruct dl_list list;\n@@ -545,6 +546,8 @@ struct nan_peer {\n \tstruct nan_bootstrap bootstrap;\n \n \tstruct nan_pairing_peer_data pairing;\n+\n+\tu8 igtk_id;\n };\n \n /**\ndiff --git a/src/nan/nan_sec.c b/src/nan/nan_sec.c\nindex 115fb137a2..7220fc7fa3 100644\n--- a/src/nan/nan_sec.c\n+++ b/src/nan/nan_sec.c\n@@ -422,6 +422,94 @@ static int nan_sec_rx_m4(struct nan_data *nan, struct nan_peer *peer,\n }\n \n \n+static int nan_sec_rx_key_data(struct nan_data *nan,\n+\t\t\t struct nan_peer *peer, u8 peer_capab,\n+\t\t\t const u8 *enc_key_data, size_t key_data_len)\n+{\n+\tstruct wpabuf *key_data = NULL;\n+\tstruct wpa_eapol_ie_parse ie;\n+\tstruct nan_ndp_sec *ndp_sec = &peer->ndp_setup.sec;\n+\tint ret = -1;\n+\tint cipher;\n+\tunsigned int key_len;\n+\tenum wpa_alg alg;\n+\n+\tif (((peer_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>\n+\t NAN_CS_INFO_CAPA_GTK_SUPP_POS) == NAN_CS_INFO_CAPA_GTK_SUPP_NONE) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: SEC: Peer does not support IGTK/BIGTK, ignore key data\");\n+\t\treturn 0;\n+\t}\n+\n+\tif (peer_capab & NAN_CS_INFO_CAPA_IGTK_USE_NCS_BIP_GMAC_256) {\n+\t\tcipher = WPA_CIPHER_BIP_GMAC_256;\n+\t\talg = WPA_ALG_BIP_GMAC_256;\n+\t} else {\n+\t\tcipher = 
WPA_CIPHER_AES_128_CMAC;\n+\t\talg = WPA_ALG_BIP_CMAC_128;\n+\t}\n+\n+\tkey_len = wpa_cipher_key_len(cipher);\n+\n+\tkey_data = nan_crypto_decrypt_key_data(ndp_sec->ptk.kek,\n+\t\t\t\t\t ndp_sec->ptk.kek_len,\n+\t\t\t\t\t enc_key_data, key_data_len);\n+\tif (!key_data) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: SEC: Failed to decrypt key data\");\n+\t\treturn -1;\n+\t}\n+\n+\tif (wpa_parse_kde_ies(wpabuf_head(key_data), wpabuf_len(key_data),\n+\t\t\t &ie) < 0) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: SEC: Failed to parse decrypted key data\");\n+\t\tgoto fail;\n+\t}\n+\n+\tif (ie.igtk && ie.igtk_len) {\n+\t\tstruct wpa_igtk_kde *igtk_kde = (struct wpa_igtk_kde *)ie.igtk;\n+\t\tu16 key_idx;\n+\n+\t\tif (ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + key_len) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t \"NAN: SEC: Invalid IGTK KDE length: %zu (expected %u)\",\n+\t\t\t\t ie.igtk_len,\n+\t\t\t\t WPA_IGTK_KDE_PREFIX_LEN + key_len);\n+\t\t\tgoto fail;\n+\t\t}\n+\n+\t\t/* Key ID must be 4 or 5, see Wi-Fi Aware Specification v4.0,\n+\t\t * section 7.1.3.3\n+\t\t */\n+\t\tkey_idx = WPA_GET_LE16(igtk_kde->keyid);\n+\t\tif (key_idx < 4 || key_idx > 5) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t \"NAN: SEC: Invalid IGTK key index: %u\",\n+\t\t\t\t key_idx);\n+\t\t\tgoto fail;\n+\t\t}\n+\n+\t\tif (nan->cfg->set_group_key(nan->cfg->cb_ctx, alg,\n+\t\t\t\t\t peer->nmi_addr, key_idx,\n+\t\t\t\t\t igtk_kde->pn, igtk_kde->igtk,\n+\t\t\t\t\t key_len, KEY_FLAG_GROUP_RX) < 0) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t \"NAN: SEC: Failed to install IGTK\");\n+\t\t\tgoto fail;\n+\t\t}\n+\n+\t\tpeer->igtk_id = key_idx;\n+\t\twpa_hexdump_key(MSG_DEBUG, \"NAN: SEC: Received IGTK\",\n+\t\t\t\tigtk_kde->igtk, key_len);\n+\t}\n+\n+\tret = 0;\n+fail:\n+\twpabuf_clear_free(key_data);\n+\treturn ret;\n+}\n+\n+\n /**\n * nan_sec_rx - Handle security context for Rx frames\n * @nan: NAN module context from nan_init()\n@@ -437,7 +525,7 @@ int nan_sec_rx(struct nan_data *nan, struct nan_peer *peer,\n \tstruct 
wpa_eapol_key *key;\n \tstruct nan_shared_key *shared_key_desc;\n \tsize_t shared_key_desc_len;\n-\tu16 info, desc;\n+\tu16 info, desc, key_data_len;\n \tsize_t total_len;\n \tu8 instance_id, cipher, capab, gtk_csid;\n \tu8 *pos;\n@@ -498,8 +586,9 @@ int nan_sec_rx(struct nan_data *nan, struct nan_peer *peer,\n \t\t\treturn -1;\n \t\t}\n \n-\t\ttotal_len += NAN_KEY_MIC_LEN +\n-\t\t\tWPA_GET_BE16(pos + NAN_KEY_MIC_LEN);\n+\t\tkey_data_len = WPA_GET_BE16(pos + NAN_KEY_MIC_LEN);\n+\t\ttotal_len += NAN_KEY_MIC_LEN + key_data_len;\n+\t\tpos += NAN_KEY_MIC_LEN + 2;\n \n \t\tif (total_len >\n \t\t (shared_key_desc_len - sizeof(struct nan_shared_key))) {\n@@ -516,8 +605,9 @@ int nan_sec_rx(struct nan_data *nan, struct nan_peer *peer,\n \t\t\treturn -1;\n \t\t}\n \n-\t\ttotal_len += NAN_KEY_MIC_24_LEN +\n-\t\t\tWPA_GET_BE16(pos + NAN_KEY_MIC_24_LEN);\n+\t\tkey_data_len = WPA_GET_BE16(pos + NAN_KEY_MIC_24_LEN);\n+\t\ttotal_len += NAN_KEY_MIC_24_LEN + key_data_len;\n+\t\tpos += NAN_KEY_MIC_24_LEN + 2;\n \n \t\tif (total_len >\n \t\t (shared_key_desc_len - sizeof(struct nan_shared_key))) {\n@@ -601,12 +691,26 @@ int nan_sec_rx(struct nan_data *nan, struct nan_peer *peer,\n \t\t !(info & WPA_KEY_INFO_SECURE))\n \t\t\treturn -1;\n \t\tret = nan_sec_rx_m3(nan, peer, msg, key);\n+\n+\t\t/* Ignore unencrypted key data */\n+\t\tif (!ret && key_data_len > 0 &&\n+\t\t (info & WPA_KEY_INFO_ENCR_KEY_DATA))\n+\t\t\tret = nan_sec_rx_key_data(nan, peer,\n+\t\t\t\t\t\t ndp_sec->i_capab, pos,\n+\t\t\t\t\t\t key_data_len);\n \t\tbreak;\n \tcase NAN_SUBTYPE_DATA_PATH_KEY_INSTALL:\n \t\tif (!(info & WPA_KEY_INFO_MIC) ||\n \t\t !(info & WPA_KEY_INFO_SECURE))\n \t\t\treturn -1;\n \t\tret = nan_sec_rx_m4(nan, peer, msg, key);\n+\n+\t\t/* Ignore unencrypted key data */\n+\t\tif (!ret && key_data_len > 0 &&\n+\t\t (info & WPA_KEY_INFO_ENCR_KEY_DATA))\n+\t\t\tret = nan_sec_rx_key_data(nan, peer,\n+\t\t\t\t\t\t ndp_sec->r_capab, pos,\n+\t\t\t\t\t\t key_data_len);\n \t\tbreak;\n \tdefault:\n 
\t\twpa_printf(MSG_DEBUG, \"NAN: SEC: Invalid frame OUI subtype\");\n", "prefixes": [ "26/97" ] }
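Review bot: nan_sec_rx_key_data() in src/nan/nan_sec.c calls set_group_key() with igtk_kde->pn every time an accepted M3 or M4 carries an IGTK KDE, and nothing in the function compares the received key with one already installed for this peer. If a retransmitted or replayed M3/M4 can reach this path, reinstalling an unchanged IGTK would reset the receive PN and reopen the replay window for protected group-addressed management frames. Consider keeping the last installed IGTK (key ID and key bytes) in struct nan_peer next to igtk_id and skipping installation when the KDE carries the same key. Separately, the cast (struct wpa_igtk_kde *)ie.igtk produces a non-const pointer although the KDE is only read here; a const pointer would express that.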
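Review bot: key_data_len is declared in nan_sec_rx() without an initializer ("u16 info, desc, key_data_len;") and is assigned only inside the two MIC-length branches (NAN_KEY_MIC_LEN and NAN_KEY_MIC_24_LEN), yet the M3 and M4 cases read it later in "key_data_len > 0". Initializing it to 0 at the declaration keeps that test well defined on any path that does not pass through one of the two branches. In the same two hunks, "pos += NAN_KEY_MIC_LEN + 2" and "pos += NAN_KEY_MIC_24_LEN + 2" move pos past the MIC and the Key Data Length field before the "total_len >" bounds check runs, and the bare 2 is unexplained; a short comment or a named constant for the length field, plus a note that pos now points at the start of the key data, would make the later use of pos in nan_sec_rx_key_data() easier to verify.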
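Review bot: in the M3 and M4 cases of the switch in nan_sec_rx(), nan_sec_rx_key_data() runs only after nan_sec_rx_m3() or nan_sec_rx_m4() has returned success, so a decrypt, parse or install failure turns ret into -1 after the message itself was already accepted. It is worth confirming, and stating in a comment, that the caller tears down the NDP setup in that case rather than leaving the handshake state advanced without the group key. The path under "/* Ignore unencrypted key data */" also skips non-empty key data silently when WPA_KEY_INFO_ENCR_KEY_DATA is clear; a wpa_printf(MSG_DEBUG, ...) there would make such frames visible when debugging. The two added blocks differ only in i_capab versus r_capab and could share one helper call.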