Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2226377,
    "url": "http://patchwork.ozlabs.org/api/1.2/patches/2226377/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-31-andrei.otcheretianski@intel.com/",
    "project": {
        "id": 22,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/22/?format=api",
        "name": "HostAP Development",
        "link_name": "hostap",
        "list_id": "hostap.lists.infradead.org",
        "list_email": "hostap@lists.infradead.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260422122424.43776-31-andrei.otcheretianski@intel.com>",
    "list_archive_url": null,
    "date": "2026-04-22T12:23:21",
    "name": "[30/92] NAN: Add functions for deriving NPK and KEK from KDK",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "350b0713337693e4b1800e79cd095fe5fe905066",
    "submitter": {
        "id": 62065,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/62065/?format=api",
        "name": "Andrei Otcheretianski",
        "email": "andrei.otcheretianski@intel.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-31-andrei.otcheretianski@intel.com/mbox/",
    "series": [
        {
            "id": 501001,
            "url": "http://patchwork.ozlabs.org/api/1.2/series/501001/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/hostap/list/?series=501001",
            "date": "2026-04-22T12:23:05",
            "name": "Add NAN PASN pairing support",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/501001/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2226377/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2226377/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=PQfe7YfU;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=l9fEylF1;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0z4C438rz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 22:26:51 +1000 (AEST)",
            "from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWen-0000000A4TP-0Hnc;\n\tWed, 22 Apr 2026 12:26:17 +0000",
            "from mgamail.intel.com ([192.198.163.17])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWdw-0000000A34B-2enc\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:25:31 +0000",
            "from orviesa010.jf.intel.com ([10.64.159.150])\n  by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:25:23 -0700",
            "from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n  by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:25:23 -0700"
        ],
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=5yseIeP8PhqPeSiW2DAK3dF3ekXUPcu8SLINc1mMhmQ=; b=PQfe7YfUuFcVgd\n\tSZ/Hs/Bhua6P6stWoDNz3t7nvO54Ojynvx/dgRNnfk9DyVnjOa4pai8OLmXiytd09q56bLGehBH+b\n\tcG+iyjCkGe+m6C4Qf997ZJz+E0LmcGfgDYCB6MqNPKE4mLfVY2VvLM33I4VSSs5qjehSOIFbzx1qk\n\t9k2NeH1+I33zF6yzhJMi90mOIKShzRXLZfmzeenqzO8ywYdFSQum21e1WNFz3dwMDT806Awhc4SWe\n\tBsJC3RoToOe6Vn3kUnfineiuI9Ov3ohkqHDMFyWObquzXP8QW7rdOeTdVQALXP4sNUzciamGH5iAC\n\tqWCAZhbpmhqp/n9qJZWg==;",
            "v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1776860724; x=1808396724;\n  h=from:to:cc:subject:date:message-id:in-reply-to:\n   references:mime-version:content-transfer-encoding;\n  bh=aRc/s8kmQ47cZQS+nihQmU87VaBLtgq4z+xcLM8POlA=;\n  b=l9fEylF1/+ct9btvf6NsKsjll++eo6pmuYjGt0wpMOI1xjNlsU2tD7yL\n   jpmPD3CUTkUCcNU1cpKxU9uB/MRgqfUTZJM008k+u66n3bHYWBzAHJ4av\n   YdeFfx1x7nbrqtzhhzri/aY0+ddHE6CKlmDa5Smp18DaoapCMLXPFPYNv\n   dzeJvFl77vB7tywe+AtuuQj51feTLwzOEJG5jc8OMX/qIv8MGOF/LHkNT\n   joaWGPv/ibsYkJFTzWRrlfXzf8mLTw+i85oxixmGXztWgnRZJL1BYSgrS\n   vuhoPa2gTghgNFpGTHSKaB62TY5XdhSWRoG2QNjxctR10Hg6v2awEz/2Y\n   Q==;"
        ],
        "X-CSE-ConnectionGUID": [
            "k64q79X+QzW9+GIWnTwGFg==",
            "zd12V+QVRIuUJcMglogDVw=="
        ],
        "X-CSE-MsgGUID": [
            "Rzqk94DOSlKxoGS3VEwZYQ==",
            "CsQry0ELTfWxknJaNBGWlg=="
        ],
        "X-IronPort-AV": [
            "E=McAfee;i=\"6800,10657,11764\"; a=\"77687287\"",
            "E=Sophos;i=\"6.23,192,1770624000\";\n   d=\"scan'208\";a=\"77687287\"",
            "E=Sophos;i=\"6.23,192,1770624000\";\n   d=\"scan'208\";a=\"231444972\""
        ],
        "X-ExtLoop1": "1",
        "From": "Andrei Otcheretianski <andrei.otcheretianski@intel.com>",
        "To": "hostap@lists.infradead.org",
        "Cc": "vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>",
        "Subject": "[PATCH 30/92] NAN: Add functions for deriving NPK and KEK from KDK",
        "Date": "Wed, 22 Apr 2026 15:23:21 +0300",
        "Message-ID": "<20260422122424.43776-31-andrei.otcheretianski@intel.com>",
        "X-Mailer": "git-send-email 2.53.0",
        "In-Reply-To": "<20260422122424.43776-1-andrei.otcheretianski@intel.com>",
        "References": "<20260422122424.43776-1-andrei.otcheretianski@intel.com>",
        "MIME-Version": "1.0",
        "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ",
        "X-CRM114-CacheID": "sfid-20260422_052524_885596_831DC26F ",
        "X-CRM114-Status": "GOOD (  18.52  )",
        "X-Spam-Score": "-4.4 (----)",
        "X-Spam-Report": "Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  From: Avraham Stern <avraham.stern@intel.com> WiFi Aware\n specification\n    version 4.0 section 7.4.6.2 defines the derivation of the NPK for\n opportunistic\n    pairing and KEK from the KDK in a similar way, with a different label and\n    possibly a different [...]\n Content analysis details:   (-4.4 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [192.198.163.17 listed in list.dnswl.org]\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]\n -0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender",
        "X-BeenThere": "hostap@lists.infradead.org",
        "X-Mailman-Version": "2.1.34",
        "Precedence": "list",
        "List-Id": "<hostap.lists.infradead.org>",
        "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>",
        "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>",
        "List-Post": "<mailto:hostap@lists.infradead.org>",
        "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>",
        "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>",
        "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"
    },
    "content": "From: Avraham Stern <avraham.stern@intel.com>\n\nWiFi Aware specification version 4.0 section 7.4.6.2 defines the\nderivation of the NPK for opportunistic pairing and KEK from the\nKDK in a similar way, with a different label and possibly a different\nlength. Add functions for deriving the NPK and the KEK from the KDK.\nUse a common function for both cases with the suitable parameters for\neach case.\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n src/nan/nan_crypto.c | 156 +++++++++++++++++++++++++++++++++++++++++++\n src/nan/nan_i.h      |  11 +++\n 2 files changed, 167 insertions(+)",
    "diff": "diff --git a/src/nan/nan_crypto.c b/src/nan/nan_crypto.c\nindex 421e271010..f582830e8d 100644\n--- a/src/nan/nan_crypto.c\n+++ b/src/nan/nan_crypto.c\n@@ -42,8 +42,10 @@ static size_t nan_crypto_cipher_kek_len(enum nan_cipher_suite_id cipher)\n {\n \tswitch (cipher) {\n \tcase NAN_CS_SK_CCM_128:\n+\tcase NAN_CS_PK_PASN_128:\n \t\treturn 16;\n \tcase NAN_CS_SK_GCM_256:\n+\tcase NAN_CS_PK_PASN_256:\n \t\treturn 32;\n \tdefault:\n \t\treturn 0;\n@@ -367,3 +369,157 @@ struct wpabuf *nan_crypto_derive_nira_tag(const u8 *nik, size_t nik_len,\n \tforced_memzero(tag, sizeof(tag));\n \treturn tag_buf;\n }\n+\n+\n+/*\n+ * nan_crypto_derive_from_kdk - Derive a key from KDK using KDF-HASH-NNN\n+ *\n+ * @kdk: Key Derivation Key\n+ * @kdk_len: Length of KDK in bytes\n+ * @cipher: Cipher suite identifier (NAN_CS_PK_PASN_128 or NAN_CS_PK_PASN_256)\n+ * @label: Label string for the key derivation\n+ * @initiator_nmi: Pairing Initiator NMI address (6 bytes)\n+ * @responder_nmi: Pairing Responder NMI address (6 bytes)\n+ * @key: Buffer for the derived key\n+ * @key_len: number of bytes to derive\n+ * Returns: 0 on success, -1 on failure\n+ *\n+ * Generic function to derive a key from KDK using:\n+ * KEY = KDF-HASH-NNN(KDK, label, Initiator NMI || Responder NMI)\n+ */\n+static int nan_crypto_derive_from_kdk(const u8 *kdk, size_t kdk_len,\n+\t\t\t\t      enum nan_cipher_suite_id cipher,\n+\t\t\t\t      const char *label,\n+\t\t\t\t      const u8 *initiator_nmi,\n+\t\t\t\t      const u8 *responder_nmi, u8 *key,\n+\t\t\t\t      size_t key_len)\n+{\n+\tu8 data[ETH_ALEN * 2];\n+\tint ret = 0;\n+\n+\tif (!kdk || !label || !initiator_nmi || !responder_nmi || !key ||\n+\t    !key_len) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Invalid parameters for NPK/KEK derivation\");\n+\t\treturn -1;\n+\t}\n+\n+\t/* Concatenate: Pairing Initiator NMI || Pairing Responder NMI */\n+\tos_memcpy(data, initiator_nmi, ETH_ALEN);\n+\tos_memcpy(data + ETH_ALEN, responder_nmi, ETH_ALEN);\n+\n+\tif (cipher == NAN_CS_PK_PASN_128) {\n+\t\tret = sha256_prf(kdk, kdk_len, label, data, sizeof(data), key,\n+\t\t\t\t key_len);\n+\t} else if (cipher == NAN_CS_PK_PASN_256) {\n+\t\tret = sha384_prf(kdk, kdk_len, label, data, sizeof(data), key,\n+\t\t\t\t key_len);\n+\t} else {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Unsupported cipher suite for key derivation: %d\",\n+\t\t\t   cipher);\n+\t\treturn -1;\n+\t}\n+\n+\tif (ret) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: NPK/KEK derivation failed (ret=%d)\", ret);\n+\t\treturn ret;\n+\t}\n+\n+\twpa_hexdump_key(MSG_DEBUG, \"NAN: KDK\", kdk, kdk_len);\n+\twpa_printf(MSG_DEBUG, \"NAN: Label: %s\", label);\n+\twpa_hexdump_key(MSG_DEBUG, \"NAN: Initiator NMI\", initiator_nmi,\n+\t\t\tETH_ALEN);\n+\twpa_hexdump_key(MSG_DEBUG, \"NAN: Responder NMI\", responder_nmi,\n+\t\t\tETH_ALEN);\n+\twpa_hexdump_key(MSG_DEBUG, \"NAN: Derived key\", key, key_len);\n+\n+\treturn 0;\n+}\n+\n+\n+/*\n+ * nan_crypto_derive_npk - Derive NPK from NM-KDK for opportunistic pairing\n+ *\n+ * @kdk: NM-KDK (NAN Master Key Derivation Key)\n+ * @kdk_len: Length of KDK in bytes\n+ * @cipher: Cipher suite identifier (NAN_CS_PK_PASN_128 or NAN_CS_PK_PASN_256)\n+ * @initiator_nmi: Pairing Initiator NMI address (6 bytes)\n+ * @responder_nmi: Pairing Responder NMI address (6 bytes)\n+ * @buf: Buffer for the derived NPK\n+ * @buf_len: Length of the buffer  (must be 32 bytes)\n+ * Returns: 0 on success, -1 on failure\n+ *\n+ * NPK = KDF-HASH-256(NM-KDK, \"NAN Opportunistic NPK Derivation\",\n+ *                    Pairing Initiator NMI || Pairing Responder NMI)\n+ *\n+ * Note: It is unclear whether KDF-HASH-256 means that SHA-256 must be used as\n+ * the hash algorithm, or the hash algorithm is determined by the cipher suite.\n+ * Usually, NCS-PK-PASN-128 cipher comes with SHA-256 and NCS-PK-PASN-256 with\n+ * SHA-384 as defined in Wi-Fi Aware Specification v4.0, section 7.1.2. But for\n+ * opportunistic pairing, section 7.6.4.3 specifies KDF-HASH-256 only for NPK\n+ * derivation. Does this mean that SHA-256 must be used? In IEEE 802.11-2024,\n+ * section 12.13.8, where KDF-HASH-NNN is defined, NNN is the number of bits to\n+ * derive, not the hash function. Therefore, we follow the latter\n+ * interpretation and use the hash function corresponding to the cipher suite.\n+ */\n+int nan_crypto_derive_npk(const u8 *kdk, size_t kdk_len,\n+\t\t\t  enum nan_cipher_suite_id cipher,\n+\t\t\t  const u8 *initiator_nmi, const u8 *responder_nmi,\n+\t\t\t  u8 *buf, size_t buf_len)\n+{\n+\tconst char *label = \"NAN Opportunistic NPK Derivation\";\n+\n+\twpa_printf(MSG_DEBUG, \"NAN: Deriving NPK from NM-KDK\");\n+\n+\tif (buf_len < NAN_NPK_LEN) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: NPK buffer too small: %zu bytes\",\n+\t\t\t   buf_len);\n+\t\treturn -1;\n+\t}\n+\n+\treturn nan_crypto_derive_from_kdk(kdk, kdk_len, cipher, label,\n+\t\t\t\t\t  initiator_nmi, responder_nmi,\n+\t\t\t\t\t  buf, buf_len);\n+}\n+\n+\n+/*\n+ * nan_crypto_derive_kek - Derive KEK from NM-KDK\n+ *\n+ * @kdk: NM-KDK (NAN Master Key Derivation Key)\n+ * @kdk_len: Length of KDK in bytes\n+ * @cipher: Cipher suite identifier (NAN_CS_PK_PASN_128 or NAN_CS_PK_PASN_256)\n+ * @initiator_nmi: Pairing Initiator NMI address (6 bytes)\n+ * @responder_nmi: Pairing Responder NMI address (6 bytes)\n+ * @ptk: Buffer for the derived KEK\n+ * Returns: 0 on success, -1 on failure\n+ *\n+ * KEK = KDF-HASH-NNN(NM-KDK, \"NAN Management KEK Derivation\",\n+ *                    Pairing Initiator NMI || Pairing Responder NMI)\n+ */\n+int nan_crypto_derive_kek(const u8 *kdk, size_t kdk_len,\n+\t\t\t  enum nan_cipher_suite_id cipher,\n+\t\t\t  const u8 *initiator_nmi, const u8 *responder_nmi,\n+\t\t\t  struct wpa_ptk *ptk)\n+{\n+\tconst char *label = \"NAN Management KEK Derivation\";\n+\n+\twpa_printf(MSG_DEBUG, \"NAN: Deriving KEK from NM-KDK\");\n+\n+\tif (cipher != NAN_CS_PK_PASN_128 &&\n+\t    cipher != NAN_CS_PK_PASN_256) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Unsupported cipher suite for KEK derivation: %d\",\n+\t\t\t   cipher);\n+\t\treturn -1;\n+\t}\n+\n+\tptk->kek_len = nan_crypto_cipher_kek_len(cipher);\n+\n+\treturn nan_crypto_derive_from_kdk(kdk, kdk_len, cipher, label,\n+\t\t\t\t\t  initiator_nmi, responder_nmi,\n+\t\t\t\t\t  ptk->kek, ptk->kek_len);\n+}\ndiff --git a/src/nan/nan_i.h b/src/nan/nan_i.h\nindex e48f4136da..07fa7a0e85 100644\n--- a/src/nan/nan_i.h\n+++ b/src/nan/nan_i.h\n@@ -23,6 +23,7 @@ struct nan_config;\n #define NAN_KCK_MAX_LEN 24\n #define NAN_KEK_MAX_LEN 32\n #define NAN_TK_MAX_LEN  32\n+#define NAN_NPK_LEN  32\n \n #define NAN_IE_MAX_SIZE 1024\n \n@@ -718,6 +719,16 @@ int nan_crypto_calc_auth_token(enum nan_cipher_suite_id cipher,\n \t\t\t       const u8 *buf, size_t len, u8 *token);\n int nan_crypto_key_mic(const u8 *buf, size_t len, const u8 *kck,\n \t\t       size_t kck_len, u8 cipher, u8 *mic);\n+int nan_crypto_derive_npk(const u8 *kdk, size_t kdk_len,\n+\t\t\t  enum nan_cipher_suite_id cipher,\n+\t\t\t  const u8 *initiator_nmi, const u8 *responder_nmi,\n+\t\t\t  u8 *buf, size_t buf_len);\n+int nan_crypto_derive_kek(const u8 *kdk, size_t kdk_len,\n+\t\t\t  enum nan_cipher_suite_id cipher,\n+\t\t\t  const u8 *initiator_nmi, const u8 *responder_nmi,\n+\t\t\t  struct wpa_ptk *ptk);\n+\n+\n void nan_sec_reset(struct nan_data *nan, struct nan_ndp_sec *ndp_sec);\n int nan_sec_rx(struct nan_data *nan, struct nan_peer *peer,\n \t       struct nan_msg *msg);\n",
    "prefixes": [
        "30/92"
    ]
}