Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/2226346/?format=api
{ "id": 2226346, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2226346/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-8-andrei.otcheretianski@intel.com/", "project": { "id": 22, "url": "http://patchwork.ozlabs.org/api/1.2/projects/22/?format=api", "name": "HostAP Development", "link_name": "hostap", "list_id": "hostap.lists.infradead.org", "list_email": "hostap@lists.infradead.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260422122424.43776-8-andrei.otcheretianski@intel.com>", "list_archive_url": null, "date": "2026-04-22T12:22:58", "name": "[07/92] PASN: Add support for PMK caching with PASN AKM", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "0632c880b8381beade5a093c236e134a203dfcf8", "submitter": { "id": 62065, "url": "http://patchwork.ozlabs.org/api/1.2/people/62065/?format=api", "name": "Andrei Otcheretianski", "email": "andrei.otcheretianski@intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-8-andrei.otcheretianski@intel.com/mbox/", "series": [ { "id": 501001, "url": "http://patchwork.ozlabs.org/api/1.2/series/501001/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/list/?series=501001", "date": "2026-04-22T12:23:05", "name": "Add NAN PASN pairing support", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501001/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2226346/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2226346/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=SXilF27H;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=d7p4pgaE;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0z2h6LPLz23Zg\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 22:25:30 +1000 (AEST)", "from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWdM-0000000A2Qy-3N4t;\n\tWed, 22 Apr 2026 12:24:48 +0000", "from mgamail.intel.com ([192.198.163.17])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWdJ-0000000A2MF-3HZu\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:24:46 +0000", "from orviesa010.jf.intel.com ([10.64.159.150])\n by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:24:45 -0700", "from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:24:44 -0700" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=+S7o6COojrHdlXOEpzucsoOb+HdJURITK0LZMt9Q6hY=; b=SXilF27HJetKGk\n\tl2o3TRNzhUTV5z4+kamHafcpPJtsdpN0NJj5YJXsPTNgxTHpaXThjNvGqqijWLzlNdTM6i+LRURKs\n\tI+owKt0hzAKFN7DSEZxci55ycnH9KTlGBJGfI3F2xGEEqOWBHy3CvV8k/zI116tQGKYbxstejUjdd\n\tfazZr1c/cupqc3zQfSFJb+mT5d7kO8+bWrqiZ5sVxdWSHi7nt9wNzB2YkTALK96JEus4eOtxFU+Rx\n\t5oIaWp51Tn5I/DYZQkdRfLqw2ZObKFhe94Z6vHcS3p/wYqA17AaqZovwetBQiRZ2qG4qICuYSUU9p\n\tHNs03a40n0t6+NNDisXA==;", "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1776860685; x=1808396685;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=rgaoTeajiM4Q2nQHBupZ57yNvcmfunsnT9nycvqq1+E=;\n b=d7p4pgaEvQmkFzKQZBUjn3iPYN9MOKnJuU7XsAtTht2zZlUG0mobKLJ9\n uzHsuitMCW40sJANjeJFQTr+yXqngPtBLEvbcBQCpIgXVTryy89WZXqeL\n LYN8dOy4T3WCAFfA70wbK64w+aDDM9kDkHaxqRzX5/Ls/95aBb3k50qem\n NqdqXyLGwbTrRiPs9ThnR9yWuNy39CEtcBJ1dd/lIA07YCq8mukaPQUVM\n 2Bg9rpsR/At7U9+XMdebt24uCNIpxioSQY/mYLo/gWaSSjGTQlvnU6qxC\n u8scNBCYXnfUxwWKsX9p95ZvpzdU9abmBoKSMjTjPaoGWduhilxQkjXeH\n g==;" ], "X-CSE-ConnectionGUID": [ "P9yz5HCdQASR4J0gAkYdWg==", "xpVY48+cQIWH18WFqWWMAg==" ], "X-CSE-MsgGUID": [ "ltcSwUUZSieuLdTC+Vpm5g==", "+WL0mH3ESB2YfjkA6aqOkg==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11764\"; a=\"77687109\"", "E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"77687109\"", "E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"231444845\"" ], "X-ExtLoop1": "1", "From": "Andrei Otcheretianski <andrei.otcheretianski@intel.com>", "To": "hostap@lists.infradead.org", "Cc": "vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>", "Subject": "[PATCH 07/92] PASN: Add support for PMK caching with PASN AKM", "Date": "Wed, 22 Apr 2026 15:22:58 +0300", "Message-ID": "<20260422122424.43776-8-andrei.otcheretianski@intel.com>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260422122424.43776-1-andrei.otcheretianski@intel.com>", "References": "<20260422122424.43776-1-andrei.otcheretianski@intel.com>", "MIME-Version": "1.0", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20260422_052445_847306_83B6C843 ", "X-CRM114-Status": "GOOD ( 15.25 )", "X-Spam-Score": "-4.4 (----)", "X-Spam-Report": "Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: From: Avraham Stern <avraham.stern@intel.com> WiFi Aware\n Specification\n version 4.0, section 7.6.4.3 defines NPK caching for pairing setup using\n opportunistic bootstrapping which uses PASN AKM. Add support for PASN PMKSA\n caching with PASN AKM for [...]\n Content analysis details: (-4.4 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,\n medium trust\n [192.198.163.17 listed in list.dnswl.org]\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS SPF: sender matches SPF record\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's\n domain\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.0 DKIMWL_WL_HIGH DKIMwl.org - High trust sender", "X-BeenThere": "hostap@lists.infradead.org", "X-Mailman-Version": "2.1.34", "Precedence": "list", "List-Id": "<hostap.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>", "List-Post": "<mailto:hostap@lists.infradead.org>", "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>", "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "From: Avraham Stern <avraham.stern@intel.com>\n\nWiFi Aware Specification version 4.0, section 7.6.4.3 defines NPK\ncaching for pairing setup using opportunistic bootstrapping which\nuses PASN AKM.\nAdd support for PASN PMKSA caching with PASN AKM for PASN initiator\nand responder:\n1. Add an option to add a PMKSA with PASN AKM to the PMKSA cache\n2. When handling PASN auth frames, use a cached PMK if available\n or if a PMKID is specified in the RSN IE.\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n src/common/proximity_ranging.c | 6 ++++--\n src/p2p/p2p.c | 4 ++--\n src/pasn/pasn_common.h | 4 ++--\n src/pasn/pasn_initiator.c | 8 ++++----\n src/pasn/pasn_responder.c | 27 +++++++++++++++++----------\n 5 files changed, 29 insertions(+), 20 deletions(-)", "diff": "diff --git a/src/common/proximity_ranging.c b/src/common/proximity_ranging.c\nindex 449d8f3bb6..8d5fb3a4a8 100644\n--- a/src/common/proximity_ranging.c\n+++ b/src/common/proximity_ranging.c\n@@ -1768,14 +1768,16 @@ static int pr_pasn_initialize(struct pr_data *pr, struct pr_device *dev,\n \t\t\t\t\t\t pasn->peer_addr,\n \t\t\t\t\t\t dev->pmk,\n \t\t\t\t\t\t dev->pmk_len,\n-\t\t\t\t\t\t pmkid);\n+\t\t\t\t\t\t pmkid,\n+\t\t\t\t\t\t WPA_KEY_MGMT_SAE);\n \t\telse\n \t\t\tpasn_responder_pmksa_cache_add(pr->responder_pmksa,\n \t\t\t\t\t\t pasn->own_addr,\n \t\t\t\t\t\t pasn->peer_addr,\n \t\t\t\t\t\t dev->pmk,\n \t\t\t\t\t\t dev->pmk_len,\n-\t\t\t\t\t\t pmkid);\n+\t\t\t\t\t\t pmkid,\n+\t\t\t\t\t\t WPA_KEY_MGMT_SAE);\n \t\tpasn->akmp = WPA_KEY_MGMT_SAE;\n \t} else {\n \t\tpasn->akmp = WPA_KEY_MGMT_PASN;\ndiff --git a/src/p2p/p2p.c b/src/p2p/p2p.c\nindex cbd4fb7625..cf0b4236c5 100644\n--- a/src/p2p/p2p.c\n+++ b/src/p2p/p2p.c\n@@ -7317,9 +7317,9 @@ void p2p_pasn_pmksa_set_pmk(struct p2p_data *p2p, const u8 *src, const u8 *dst,\n \t\t\t const u8 *pmk, size_t pmk_len, const u8 *pmkid)\n {\n \tpasn_initiator_pmksa_cache_add(p2p->initiator_pmksa, src, dst, pmk,\n-\t\t\t\t pmk_len, pmkid);\n+\t\t\t\t pmk_len, pmkid, WPA_KEY_MGMT_SAE);\n \tpasn_responder_pmksa_cache_add(p2p->responder_pmksa, src, dst, pmk,\n-\t\t\t\t pmk_len, pmkid);\n+\t\t\t\t pmk_len, pmkid, WPA_KEY_MGMT_SAE);\n }\n \n \ndiff --git a/src/pasn/pasn_common.h b/src/pasn/pasn_common.h\nindex ca5fa57eaa..910cdf5919 100644\n--- a/src/pasn/pasn_common.h\n+++ b/src/pasn/pasn_common.h\n@@ -317,7 +317,7 @@ void pasn_initiator_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);\n int pasn_initiator_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,\n \t\t\t\t const u8 *own_addr, const u8 *bssid,\n \t\t\t\t const u8 *pmk, size_t pmk_len,\n-\t\t\t\t const u8 *pmkid);\n+\t\t\t\t const u8 *pmkid, int akmp);\n int pasn_initiator_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,\n \t\t\t\t const u8 *bssid, u8 *pmkid, u8 *pmk,\n \t\t\t\t size_t *pmk_len);\n@@ -343,7 +343,7 @@ void pasn_responder_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);\n int pasn_responder_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,\n \t\t\t\t const u8 *own_addr, const u8 *bssid,\n \t\t\t\t const u8 *pmk, size_t pmk_len,\n-\t\t\t\t const u8 *pmkid);\n+\t\t\t\t const u8 *pmkid, int akmp);\n int pasn_responder_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,\n \t\t\t\t const u8 *bssid, u8 *pmkid, u8 *pmk,\n \t\t\t\t size_t *pmk_len);\ndiff --git a/src/pasn/pasn_initiator.c b/src/pasn/pasn_initiator.c\nindex 509eca9d34..b1cf36b971 100644\n--- a/src/pasn/pasn_initiator.c\n+++ b/src/pasn/pasn_initiator.c\n@@ -42,10 +42,10 @@ void pasn_initiator_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)\n int pasn_initiator_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,\n \t\t\t\t const u8 *own_addr, const u8 *bssid,\n \t\t\t\t const u8 *pmk,\n-\t\t\t\t size_t pmk_len, const u8 *pmkid)\n+\t\t\t\t size_t pmk_len, const u8 *pmkid, int akmp)\n {\n \tif (pmksa_cache_add(pmksa, pmk, pmk_len, pmkid, NULL, 0, bssid,\n-\t\t\t own_addr, NULL, WPA_KEY_MGMT_SAE, NULL, 0))\n+\t\t\t own_addr, NULL, akmp, NULL, 0))\n \t\treturn 0;\n \treturn -1;\n }\n@@ -957,8 +957,8 @@ static int wpas_pasn_set_pmk(struct pasn_data *pasn,\n \tos_memset(pasn->pmk, 0, sizeof(pasn->pmk));\n \tpasn->pmk_len = 0;\n \n-\tif (pasn->akmp == WPA_KEY_MGMT_PASN ||\n-\t pasn->akmp == WPA_KEY_MGMT_EPPKE) {\n+\tif ((pasn->akmp == WPA_KEY_MGMT_PASN ||\n+\t pasn->akmp == WPA_KEY_MGMT_EPPKE) && !rsn_data->num_pmkid) {\n \t\twpa_printf(MSG_DEBUG, \"PASN/EPPKE: Using default PMK\");\n \n \t\tpasn->pmk_len = WPA_PASN_PMK_LEN;\ndiff --git a/src/pasn/pasn_responder.c b/src/pasn/pasn_responder.c\nindex 7cecb943c2..faf57dc6ed 100644\n--- a/src/pasn/pasn_responder.c\n+++ b/src/pasn/pasn_responder.c\n@@ -43,10 +43,10 @@ void pasn_responder_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)\n int pasn_responder_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,\n \t\t\t\t const u8 *own_addr, const u8 *bssid,\n \t\t\t\t const u8 *pmk, size_t pmk_len,\n-\t\t\t\t const u8 *pmkid)\n+\t\t\t\t const u8 *pmkid, int akmp)\n {\n \tif (pmksa_cache_auth_add(pmksa, pmk, pmk_len, pmkid, NULL, 0, own_addr,\n-\t\t\t\t bssid, 0, NULL, WPA_KEY_MGMT_SAE))\n+\t\t\t\t bssid, 0, NULL, akmp))\n \t\treturn 0;\n \treturn -1;\n }\n@@ -448,17 +448,17 @@ pasn_derive_keys(struct pasn_data *pasn,\n \tif (!cached_pmk || !cached_pmk_len)\n \t\twpa_printf(MSG_DEBUG, \"PASN: No valid PMKSA entry\");\n \n-\tif (pasn->akmp == WPA_KEY_MGMT_PASN ||\n-\t pasn->akmp == WPA_KEY_MGMT_EPPKE) {\n-\t\twpa_printf(MSG_DEBUG, \"PASN/EPPKE: Using default PMK\");\n-\n-\t\tpmk_len = WPA_PASN_PMK_LEN;\n-\t\tos_memcpy(pmk, pasn_default_pmk, sizeof(pasn_default_pmk));\n-\t} else if (cached_pmk && cached_pmk_len) {\n+\tif (cached_pmk && cached_pmk_len) {\n \t\twpa_printf(MSG_DEBUG, \"PASN: Using PMKSA entry\");\n \n \t\tpmk_len = cached_pmk_len;\n \t\tos_memcpy(pmk, cached_pmk, cached_pmk_len);\n+\t} else if (pasn->akmp == WPA_KEY_MGMT_PASN ||\n+\t\t pasn->akmp == WPA_KEY_MGMT_EPPKE) {\n+\t\twpa_printf(MSG_DEBUG, \"PASN/EPPKE: Using default PMK\");\n+\n+\t\tpmk_len = WPA_PASN_PMK_LEN;\n+\t\tos_memcpy(pmk, pasn_default_pmk, sizeof(pasn_default_pmk));\n \t} else {\n \t\tswitch (pasn->akmp) {\n #ifdef CONFIG_SAE\n@@ -1056,7 +1056,8 @@ int handle_auth_pasn_1(struct pasn_data *pasn,\n \t}\n \n \tif (!pasn->noauth && (pasn->akmp == WPA_KEY_MGMT_PASN ||\n-\t\t\t pasn->akmp == WPA_KEY_MGMT_EPPKE)) {\n+\t\t\t pasn->akmp == WPA_KEY_MGMT_EPPKE) &&\n+\t (!rsn_data.num_pmkid || !pasn->pmksa)) {\n \t\twpa_printf(MSG_DEBUG, \"PASN/EPPKE: Refuse UNAUTH\");\n \t\tstatus = WLAN_STATUS_UNSPECIFIED_FAILURE;\n \t\tgoto send_resp;\n@@ -1173,6 +1174,12 @@ int handle_auth_pasn_1(struct pasn_data *pasn,\n \t\t\t\tif (pmksa) {\n \t\t\t\t\tcached_pmk = pmksa->pmk;\n \t\t\t\t\tcached_pmk_len = pmksa->pmk_len;\n+\t\t\t\t} else if (!pasn->noauth &&\n+\t\t\t\t\t pasn->akmp == WPA_KEY_MGMT_PASN) {\n+\t\t\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t\t\t \"PASN: No PMKSA entry found for PASN-UNAUTH\");\n+\t\t\t\t\tstatus = WLAN_STATUS_UNSPECIFIED_FAILURE;\n+\t\t\t\t\tgoto send_resp;\n \t\t\t\t}\n \t\t\t}\n \t\t}\n", "prefixes": [ "07/92" ] }