{"id":2229826,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2229826/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-22-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.1/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260428200639.40243-22-andrei.otcheretianski@intel.com>","date":"2026-04-28T20:05:22","name":"[21/97] NAN: Add security cabapilities to NAN module","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"0faf360e30a6c6e074ad0fb6536d9ec75a04df43","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.1/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-22-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501927,"url":"http://patchwork.ozlabs.org/api/1.1/series/501927/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501927","date":"2026-04-28T20:05:05","name":"NAN: Group keys support, schedule update and more","version":1,"mbox":"http://patchwork.ozlabs.org/series/501927/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2229826/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2229826/checks/","tags":{},
"headers":{"From":"Andrei Otcheretianski <andrei.otcheretianski@intel.com>","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>","Subject":"[PATCH 21/97] NAN: Add security cabapilities to NAN module","Date":"Tue, 28 Apr 2026 23:05:22 +0300","Message-ID":"<20260428200639.40243-22-andrei.otcheretianski@intel.com>","In-Reply-To":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","References":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>",
"List-Id":"<hostap.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/hostap/>","List-Post":"<mailto:hostap@lists.infradead.org>","List-Help":"<mailto:hostap-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/hostap>,\n 
<mailto:hostap-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" <hostap-bounces@lists.infradead.org>","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Avraham Stern <avraham.stern@intel.com>\n\nAdd the security capabilities (GTK, IGTK and BIGTK support) to the\nNAN module. These capabilities depend on driver capabilities.\nAdd this information to the CSIA capabilities field in pairing\nnegotiation and NDP setup.\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n src/nan/nan.h         | 3 +++\n src/nan/nan_pairing.c | 6 +-----\n src/nan/nan_sec.c     | 4 ++--\n 3 files changed, 6 insertions(+), 7 deletions(-)","diff":"diff --git a/src/nan/nan.h b/src/nan/nan.h\nindex a999a6582c..979fb66c14 100644\n--- a/src/nan/nan.h\n+++ b/src/nan/nan.h\n@@ -449,6 +449,9 @@ struct nan_config {\n \t */\n \tu16 bootstrap_comeback_timeout;\n \n+\t/* Security capabilities. See Table 122, capabilities field */\n+\tu8 security_capab;\n+\n \t/**\n \t * start - Start NAN\n \t * @ctx: Callback context from cb_ctx\ndiff --git a/src/nan/nan_pairing.c b/src/nan/nan_pairing.c\nindex b03ca68dac..b5608aaccd 100644\n--- a/src/nan/nan_pairing.c\n+++ b/src/nan/nan_pairing.c\n@@ -448,11 +448,7 @@ static void nan_pairing_prepare_pasn_elems(struct nan_data *nan_data,\n \n \tcs.instance_id = publish_id;\n \n-\t/*\n-\t * TODO: Get security capabilities from somewhere. 
For now, it doesn't\n-\t * matter as the capability field is not used in pairing anyway.\n-\t */\n-\tnan_add_csia(extra_ies, 0, 1, &cs);\n+\tnan_add_csia(extra_ies, nan_data->cfg->security_capab, 1, &cs);\n \n \tif (auth_mode == NAN_PASN_AUTH_MODE_SAE ||\n \t    auth_mode == NAN_PASN_AUTH_MODE_PASN) {\ndiff --git a/src/nan/nan_sec.c b/src/nan/nan_sec.c\nindex d3d8b90d0e..ae41019c83 100644\n--- a/src/nan/nan_sec.c\n+++ b/src/nan/nan_sec.c\n@@ -663,7 +663,7 @@ static int nan_sec_add_m1_attrs(struct nan_data *nan, struct nan_peer *peer,\n \n \t/* Initialize the initiator security state */\n \tos_get_random(ndp_sec->i_nonce, sizeof(ndp_sec->i_nonce));\n-\tndp_sec->i_capab = 0;\n+\tndp_sec->i_capab = nan->cfg->security_capab;\n \tndp_sec->i_instance_id = peer->ndp_setup.publish_inst_id;\n \n \t/* Compute the PMKID */\n@@ -950,7 +950,7 @@ int nan_sec_init_resp(struct nan_data *nan, struct nan_peer *peer)\n \n \t/* Initialize the responder's security state */\n \tos_get_random(ndp_sec->r_nonce, sizeof(ndp_sec->r_nonce));\n-\tndp_sec->r_capab = 0;\n+\tndp_sec->r_capab = nan->cfg->security_capab;\n \tndp_sec->r_instance_id = peer->ndp_setup.publish_inst_id;\n \n \tif (ndp_sec->i_instance_id != ndp_sec->r_instance_id) {\n","prefixes":["21/97"]}
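Review bot: In the src/nan/nan.h hunk, the comment on the new `security_capab` member cites "Table 122" without naming the specification or its version, and it is a plain `/* */` comment while the member directly below in struct nan_config is documented in the `/** name - description */` form (`start - Start NAN`). Suggest writing it in that form, listing which bits are meant (the commit message names GTK, IGTK and BIGTK support) and stating who fills the field in: the commit message says the value depends on driver capabilities, but none of the three files in the diffstat assigns it, so it is worth saying where that assignment lives.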
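Review bot: In the nan_pairing_prepare_pasn_elems() hunk of src/nan/nan_pairing.c, the deleted TODO said the capability field "is not used in pairing anyway", yet the call now sends `nan_data->cfg->security_capab` in the CSIA and the commit message does not say what changed. If a peer is expected to act on these bits during pairing, state that in the commit message; if the field is still ignored there, a short comment at the nan_add_csia() call would preserve the reasoning that is being removed with the TODO. The byte is also passed through unmasked, so any bit set in the config goes on air; consider masking it to the defined capability bits before the call.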
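Review bot: In the nan_sec_init_resp() hunk of src/nan/nan_sec.c, `ndp_sec->r_capab` is set from the local configuration without reference to the initiator's `i_capab`, although the lines that follow already compare `i_instance_id` with `r_instance_id` at this point. If use of GTK, IGTK or BIGTK depends on both sides advertising support, please note in a comment or the commit message where the two capability values are reconciled, or add that comparison here next to the instance ID check. The same assignment is repeated for `i_capab` in nan_sec_add_m1_attrs(), so a small helper that returns the advertised capabilities would give one place for any masking or per-peer adjustment.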