Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2226383,
    "url": "http://patchwork.ozlabs.org/api/1.2/patches/2226383/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-36-andrei.otcheretianski@intel.com/",
    "project": {
        "id": 22,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/22/?format=api",
        "name": "HostAP Development",
        "link_name": "hostap",
        "list_id": "hostap.lists.infradead.org",
        "list_email": "hostap@lists.infradead.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260422122424.43776-36-andrei.otcheretianski@intel.com>",
    "list_archive_url": null,
    "date": "2026-04-22T12:23:26",
    "name": "[35/92] NAN: Send NIK after successful pairing",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "02c28379d37d5ca6c94361488e7d57650ca7dc1b",
    "submitter": {
        "id": 62065,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/62065/?format=api",
        "name": "Andrei Otcheretianski",
        "email": "andrei.otcheretianski@intel.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-36-andrei.otcheretianski@intel.com/mbox/",
    "series": [
        {
            "id": 501001,
            "url": "http://patchwork.ozlabs.org/api/1.2/series/501001/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/hostap/list/?series=501001",
            "date": "2026-04-22T12:23:05",
            "name": "Add NAN PASN pairing support",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/501001/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2226383/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2226383/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=tlAdet2G;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=VIjlfa7K;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0z4s5Z2kz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 22:27:25 +1000 (AEST)",
            "from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWfG-0000000A5A7-065K;\n\tWed, 22 Apr 2026 12:26:46 +0000",
            "from mgamail.intel.com ([192.198.163.17])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWe7-0000000A3P1-0pEE\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:25:42 +0000",
            "from orviesa010.jf.intel.com ([10.64.159.150])\n  by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:25:31 -0700",
            "from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n  by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:25:31 -0700"
        ],
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=jvlKqTV4baZawyU/+Fy9eJCNuz6xop3gt9UaPiXGyb4=; b=tlAdet2Gl6fJjg\n\t1/T+QKTjI3FfjJUrnSzeuSS4jFfVlaEt7jOMMP7ZZKY9XcK/gDsPuGaUbaqv2RLUGS9u52HX1/Fta\n\tbcRMWEEAEynqIwTrWcyxSnWf78zAB9dW8imJLsRqtU5lzcQ9aagtoAf6BuE7Hiuo0zXONdVc0Rjwv\n\t19oHCsvRIqXZ0guuu5IeiPVBshqJAV6vUa1TI1Bp5GdOgJHSMJZtBy2lEbTTFZ8HN2mhtWq0JJK/c\n\tqQBmV+mj4iiW9vQUOeMKcDpvLA3udCaVLnxtUSunKGxPZ/qIBRdnj28G5TMmS+z8MK6N1iHnSVytx\n\tr228PPmRcZrq1l5toMpg==;",
            "v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1776860735; x=1808396735;\n  h=from:to:cc:subject:date:message-id:in-reply-to:\n   references:mime-version:content-transfer-encoding;\n  bh=b0aGOu3jSzypoZexu9pO8Xm7pkUdUiXfsc7xmUZfIOc=;\n  b=VIjlfa7KnTvCt6RGVef4oJq90WHY2fG/1jX3aTycxNGwvSiXPIJxBrws\n   +rIs3flcPSJUVrK66xYbyNhTHWTWpyXnYsRietx7wtotCrEpuRdUztf/M\n   2Na49jHcFk7+jn86EvrsWVZpfFvcm+oUUk8ejHcUdzQggSxtt5GlOj4TX\n   gEeX+XpkK4VaoOp/7358X4BXRORA29uZ5Ulm4I4UVcHi5TNjG1DyPLum3\n   xnIobT3Cq/0AYqIM/QkgUZ/3sOmsTs0fybq3ZqYlRwewJ57eqP60t5TNt\n   13HMMpkpTjPmIJxCQH8TitfhvYCI0t/WCovU3kZSWGIDlhiXeRbLW2mPV\n   A==;"
        ],
        "X-CSE-ConnectionGUID": [
            "svHFhn6URnKi5nQ84bxu3A==",
            "ppqxIp1xRtqas9jKh87/Sw=="
        ],
        "X-CSE-MsgGUID": [
            "eeRXqI+ZTCGrj+HbSFhUQQ==",
            "G1uXgomiRTGE6PQgPEoobQ=="
        ],
        "X-IronPort-AV": [
            "E=McAfee;i=\"6800,10657,11764\"; a=\"77687316\"",
            "E=Sophos;i=\"6.23,192,1770624000\";\n   d=\"scan'208\";a=\"77687316\"",
            "E=Sophos;i=\"6.23,192,1770624000\";\n   d=\"scan'208\";a=\"231444996\""
        ],
        "X-ExtLoop1": "1",
        "From": "Andrei Otcheretianski <andrei.otcheretianski@intel.com>",
        "To": "hostap@lists.infradead.org",
        "Cc": "vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>",
        "Subject": "[PATCH 35/92] NAN: Send NIK after successful pairing",
        "Date": "Wed, 22 Apr 2026 15:23:26 +0300",
        "Message-ID": "<20260422122424.43776-36-andrei.otcheretianski@intel.com>",
        "X-Mailer": "git-send-email 2.53.0",
        "In-Reply-To": "<20260422122424.43776-1-andrei.otcheretianski@intel.com>",
        "References": "<20260422122424.43776-1-andrei.otcheretianski@intel.com>",
        "MIME-Version": "1.0",
        "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ",
        "X-CRM114-CacheID": "sfid-20260422_052535_445629_47F95A8F ",
        "X-CRM114-Status": "GOOD (  16.16  )",
        "X-Spam-Score": "-4.4 (----)",
        "X-Spam-Report": "Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  From: Avraham Stern <avraham.stern@intel.com> When NPK\n caching\n    is enabled,\n send a followup message with the NIK from the pairing initiator\n    to the pairing responder after pairing is completed. Signed-off-by:\n Avraham\n    Stern <avraham.stern@intel.com> --- src/nan/nan_pairing.c | 156\n ++++++++++++++++++++++++++++++++++++++++++\n    1 file changed, 156 insertions(+)\n Content analysis details:   (-4.4 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [192.198.163.17 listed in list.dnswl.org]\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]\n -0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender",
        "X-BeenThere": "hostap@lists.infradead.org",
        "X-Mailman-Version": "2.1.34",
        "Precedence": "list",
        "List-Id": "<hostap.lists.infradead.org>",
        "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>",
        "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>",
        "List-Post": "<mailto:hostap@lists.infradead.org>",
        "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>",
        "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>",
        "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"
    },
    "content": "From: Avraham Stern <avraham.stern@intel.com>\n\nWhen NPK caching is enabled, send a followup message with the NIK\nfrom the pairing initiator to the pairing responder after pairing\nis completed.\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n src/nan/nan_pairing.c | 156 ++++++++++++++++++++++++++++++++++++++++++\n 1 file changed, 156 insertions(+)",
    "diff": "diff --git a/src/nan/nan_pairing.c b/src/nan/nan_pairing.c\nindex 9a60743117..01d0720f21 100644\n--- a/src/nan/nan_pairing.c\n+++ b/src/nan/nan_pairing.c\n@@ -506,6 +506,149 @@ static void nan_pairing_done(struct nan_data *nan_data, struct nan_peer *peer)\n }\n \n \n+static void nan_add_kde_hdr(struct wpabuf *buf, u32 kde, size_t data_len)\n+{\n+\twpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);\n+\twpabuf_put_u8(buf, RSN_SELECTOR_LEN + data_len);\n+\tRSN_SELECTOR_PUT(wpabuf_put(buf, RSN_SELECTOR_LEN), kde);\n+}\n+\n+\n+/*\n+ * nan_nik_build_key_data - Build NAN Identity Key (NIK) key data buffer\n+ *\n+ * @nan_data: Pointer to NAN data structure containing configuration\n+ *\n+ * This function constructs a buffer containing NAN key data elements including:\n+ * - NIK KDE (Key Data Encapsulation) with cipher version and NIK value\n+ * - Key Lifetime KDE indicating the NIK key lifetime\n+ *\n+ * Returns: Pointer to allocated wpabuf containing the key data, or NULL\n+ *\ton failure.\n+ * Note: Caller is responsible for freeing the returned buffer\n+ */\n+static struct wpabuf *nan_nik_build_key_data(struct nan_data *nan_data)\n+{\n+\tstruct wpabuf *buf;\n+\n+\tbuf = wpabuf_alloc(KDE_HDR_LEN + sizeof(struct nan_nik_kde) +\n+\t\t\t   KDE_HDR_LEN + sizeof(struct nan_key_lifetime_kde));\n+\tif (!buf)\n+\t\treturn NULL;\n+\n+\tnan_add_kde_hdr(buf, NAN_KEY_DATA_NIK, sizeof(struct nan_nik_kde));\n+\twpabuf_put_u8(buf, NAN_NIRA_CIPHER_VER_128);\n+\twpabuf_put_data(buf, nan_data->cfg->nik, sizeof(nan_data->cfg->nik));\n+\n+\tnan_add_kde_hdr(buf, NAN_KEY_DATA_LIFETIME,\n+\t\t\tsizeof(struct nan_key_lifetime_kde));\n+\twpabuf_put_le16(buf, NAN_KEY_LIFETIME_NIK);\n+\twpabuf_put_be32(buf, nan_data->cfg->nik_lifetime);\n+\n+\treturn buf;\n+}\n+\n+\n+/**\n+ * nan_send_nik - Send NAN Identity Key (NIK) to a peer\n+ *\n+ * @nan_data: Pointer to NAN data structure containing configuration and state\n+ * @peer: Pointer to the NAN peer structure to send the NIK to\n+ *\n+ * This function sends the NAN Identity Key (NIK) and the NIK lifetime to a peer\n+ * device as part of the NAN pairing process. The NIK is encrypted using the KEK\n+ * (Key Encryption Key) derived from PASN and sent in a Shared Key Descriptor\n+ * Attribute (SKDA) within a follow-up message.\n+ *\n+ * Returns: 0 on success, -1 in case NPK caching is disabled or an error\n+ */\n+static int nan_send_nik(struct nan_data *nan_data, struct nan_peer *peer)\n+{\n+\tstruct wpabuf *skda, *key_data;\n+\tstruct wpa_eapol_key *key_desc;\n+\tu16 info, key_len;\n+\tint ret;\n+\tstruct wpabuf *encrypted_key_data = NULL;\n+\tsize_t skda_len;\n+\n+\tif (!nan_data->cfg->pairing_cfg.npk_caching) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Pairing: Local NPK caching not enabled, don't send NIK\");\n+\t\treturn 0;\n+\t}\n+\n+\tif (!peer->pairing.pairing_cfg.npk_caching) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Pairing: Peer NPK caching not enabled, don't send NIK\");\n+\t\treturn 0;\n+\t}\n+\n+\tif (!peer->pairing.pasn || !peer->pairing.pasn->ptk.kek_len) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Pairing: KEK not available for NIK encryption\");\n+\t\treturn -1;\n+\t}\n+\n+\tkey_data = nan_nik_build_key_data(nan_data);\n+\tif (!key_data) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Pairing: Failed to build NIK key data\");\n+\t\treturn -1;\n+\t}\n+\n+\t/* Encrypt the key data using the KEK from the PASN data */\n+\tencrypted_key_data =\n+\t    nan_crypto_encrypt_key_data(key_data, peer->pairing.pasn->ptk.kek,\n+\t\t\t\t\tpeer->pairing.pasn->ptk.kek_len);\n+\twpabuf_clear_free(key_data);\n+\tif (!encrypted_key_data) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Pairing: Failed to encrypt NIK key data\");\n+\t\treturn -1;\n+\t}\n+\n+\tskda_len = sizeof(struct nan_shared_key) +\n+\t\t   sizeof(struct wpa_eapol_key) + 2 +\n+\t\t   wpabuf_len(encrypted_key_data);\n+\n+\tskda = wpabuf_alloc(NAN_ATTR_HDR_LEN + skda_len);\n+\tif (!skda) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Pairing: Failed to allocate SKDA buffer\");\n+\t\twpabuf_free(encrypted_key_data);\n+\t\treturn -1;\n+\t}\n+\n+\twpabuf_put_u8(skda, NAN_ATTR_SHARED_KEY_DESCR);\n+\twpabuf_put_le16(skda, skda_len);\n+\twpabuf_put_u8(skda, peer->pairing.handle);\n+\n+\tkey_desc = wpabuf_put(skda, sizeof(*key_desc));\n+\tos_memset(key_desc, 0, sizeof(*key_desc));\n+\n+\tkey_desc->type = NAN_KEY_DESC;\n+\tinfo = WPA_KEY_INFO_TYPE_AKM_DEFINED | WPA_KEY_INFO_KEY_TYPE |\n+\t\tWPA_KEY_INFO_ACK | WPA_KEY_INFO_ENCR_KEY_DATA;\n+\tWPA_PUT_BE16(key_desc->key_info, info);\n+\n+\tkey_len = wpa_cipher_key_len(peer->pairing.pasn->cipher);\n+\tWPA_PUT_BE16(key_desc->key_length, key_len);\n+\n+\twpabuf_put_be16(skda, wpabuf_len(encrypted_key_data));\n+\twpabuf_put_buf(skda, encrypted_key_data);\n+\n+\tret = nan_data->cfg->transmit_followup(nan_data->cfg->cb_ctx,\n+\t\t\t\t\t       peer->nmi_addr, skda,\n+\t\t\t\t\t       peer->pairing.handle,\n+\t\t\t\t\t       peer->pairing.peer_instance_id);\n+\n+\twpabuf_free(encrypted_key_data);\n+\twpabuf_free(skda);\n+\n+\treturn ret;\n+}\n+\n+\n /*\n  * nan_pairing_pasn_auth_tx_status - Handle PASN authentication frame TX status\n  *\n@@ -554,6 +697,19 @@ int nan_pairing_pasn_auth_tx_status(struct nan_data *nan, const u8 *data,\n \t\t}\n \n \t\tnan_pairing_done(nan, peer);\n+\n+\t\t/*\n+\t\t * Allow the peer to install the keys before transmitting the\n+\t\t * follow up\n+\t\t */\n+\t\tos_sleep(0, 30000);\n+\n+\t\tif (nan_send_nik(nan, peer) < 0) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t   \"NAN: Pairing: Failed to send NIK\");\n+\t\t\tnan_pairing_deinit_peer(peer);\n+\t\t\treturn -1;\n+\t\t}\n \t}\n \n \twpabuf_free(pasn->frame);\n",
    "prefixes": [
        "35/92"
    ]
}