{"id":2229840,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2229840/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-35-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.1/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260428200639.40243-35-andrei.otcheretianski@intel.com>","date":"2026-04-28T20:05:35","name":"[34/97] NAN: Implement spec-compliant security strength comparison","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"7125f70696decc0f01ed7cf0cde3257f14b10a34","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.1/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-35-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501927,"url":"http://patchwork.ozlabs.org/api/1.1/series/501927/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501927","date":"2026-04-28T20:05:05","name":"NAN: Group keys support, schedule update and more","version":1,"mbox":"http://patchwork.ozlabs.org/series/501927/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2229840/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2229840/checks/","tags":{},"headers":{"Return-Path":"\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=aV8yh1dZ;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=Yfw5l6u4;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4s4v2Z0gz1xrS\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 06:10:55 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHolB-00000002G4N-0WVL;\n\tTue, 28 Apr 2026 20:10:21 +0000","from mgamail.intel.com ([198.175.65.16])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHoj3-00000002CcZ-2vr5\n\tfor hostap@lists.infradead.org;\n\tTue, 28 Apr 2026 20:08:23 +0000","from fmviesa001.fm.intel.com ([10.60.135.141])\n  by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:08:08 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n  by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:08:06 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=h/3t4KdZGwDomYXAYnPph/rdTVlMCGF+QkXtFD63P1Q=; b=aV8yh1dZVtQaqi\n\tua4NVlusfvEViA4DATlENsmscRjvOcyE7yLGTcTlYff5bRK8jPZvLqJieEC3/PPkkB5rgPFwVNXmT\n\tR4MJoauVEHeyFVj4hmQVefEuXSHwVEIQ91oqQxX0sM0G+rGBjWp/lsCzsznh4kd2GVndBTMFHu1mm\n\tE4vT3HYg3WdB/AmpGHlqeU/MZT0FAoBw0NUtGCXf9PyyGNGgxHUXByJU06Fr3GEGGOJ/r6WGG1IPC\n\tsjm2jHLRvHlPVZyDRCOmMj4e963/L9gYz8NFnUyN8UqpEQppidOL73MRjmp/sYgn8207sldNoWTg7\n\tU8XrasFSb2e+OWT99XaA==;","v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1777406890; x=1808942890;\n  h=from:to:cc:subject:date:message-id:in-reply-to:\n   references:mime-version:content-transfer-encoding;\n  bh=8B+Ie/0VjePI66HN17X5lIq5LlVdxjP+U5Aks6rkJic=;\n  b=Yfw5l6u4myaOtJaVCH77ZSKRT35Fh4SlDvZ6RhgaoGfECZxHqIPcUJ+z\n   WMBTCNjQwltBp940FdmqDHtT74K0norNN7lyGpoL+ZQZoTdr/xb3PDIvO\n   1DOzeE8RfNent0a9YcUoC8oSOIDvF29NHo7PWViualF+ZLYts0dxp7x0v\n   C0HnpifNhZTmtAuYAzEhlTMP7Xwn0dqQrx90acWFiRQbk5Tv+539ZteDi\n   bkAI/xmBHZ+CPVOmi/w+/0UPsBOUt2UKUhhTluKdpEFohtg7dFMw8kK90\n   zbuyAOF5++KI6IEbdorkGFvl4UdAOuWlSy0m9G60Nzhv04WzrbzEMOAxI\n   A==;"],"X-CSE-ConnectionGUID":["6TpISSpzQMGF67ZCOE0Qvw==","dHNdixoYRTWBkVfwlJ4d7g=="],"X-CSE-MsgGUID":["4Ss4Gr3NTBiqFHOJiZ1mkg==","GVHYMBlDTLWgea+l1NSPtA=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11770\"; a=\"78519390\"","E=Sophos;i=\"6.23,204,1770624000\";\n   d=\"scan'208\";a=\"78519390\"","E=Sophos;i=\"6.23,204,1770624000\";\n   d=\"scan'208\";a=\"257610262\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski <andrei.otcheretianski@intel.com>","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAndrei Otcheretianski <andrei.otcheretianski@intel.com>","Subject":"[PATCH 34/97] NAN: Implement spec-compliant security strength\n comparison","Date":"Tue, 28 Apr 2026 23:05:35 +0300","Message-ID":"<20260428200639.40243-35-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","References":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260428_130810_040661_6FF690D6 ","X-CRM114-Status":"GOOD (  19.94  )","X-Spam-Score":"-4.5 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  Per Wi-Fi Aware Specification v4.0 section 7.4, implement\n   proper security strength ordering for NDP security upgrade scenarios. The\n   spec defines the following strength ordering (highest to lowest): -\n NCS-PK-PASN-256\n    using a password (SAE) - NCS-PK-PASN-128 using a password (SAE) -\n NCS-SK-256\n    using a PSK/Passphrase - NCS-SK-128 using a PSK/Passphrase -\n NCS-PK-PASN-256\n    using opportunistic bootstra [...]\n Content analysis details:   (-4.5 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [198.175.65.16 listed in list.dnswl.org]\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]\n -0.1 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<hostap.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/hostap/>","List-Post":"<mailto:hostap@lists.infradead.org>","List-Help":"<mailto:hostap-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" <hostap-bounces@lists.infradead.org>","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"Per Wi-Fi Aware Specification v4.0 section 7.4, implement proper security\nstrength ordering for NDP security upgrade scenarios. The spec defines\nthe following strength ordering (highest to lowest):\n\n- NCS-PK-PASN-256 using a password (SAE)\n- NCS-PK-PASN-128 using a password (SAE)\n- NCS-SK-256 using a PSK/Passphrase\n- NCS-SK-128 using a PSK/Passphrase\n- NCS-PK-PASN-256 using opportunistic bootstrapping (PASN)\n- NCS-PK-PASN-128 using opportunistic bootstrapping (PASN)\n- No security\n\nTo distinguish between password and opportunistic pairing, store the\nAKMP which was used for pairing.\n\nAdd nan_sec_get_strength() to compute numeric strength levels considering\nboth the cipher suite ID and the authentication method (SAE vs PASN).\nUpdate nan_sec_ndp_store_keys() to use this strength comparison when\ndeciding whether to update security keys.\n\nSigned-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>\n---\n src/nan/nan_i.h       |  5 +++\n src/nan/nan_pairing.c |  1 +\n src/nan/nan_sec.c     | 72 ++++++++++++++++++++++++++++++++++++++-----\n 3 files changed, 70 insertions(+), 8 deletions(-)","diff":"diff --git a/src/nan/nan_i.h b/src/nan/nan_i.h\nindex 748120aa25..1d6956986b 100644\n--- a/src/nan/nan_i.h\n+++ b/src/nan/nan_i.h\n@@ -302,6 +302,8 @@ struct nan_elem_container_entry {\n  * @pmk: PMK shared with the peer\n  * @pmkid: PMKID shared with the peer\n  * @ptk: PTK shared with the peer\n+ * @pairing_akmp: AKMP used for the pairing (see See WPA_KEY_MGMT_*) or\n+ * \tzero if PASN pairing was not used for NDP establishment.\n  */\n struct nan_peer_sec_info_entry {\n \tstruct dl_list list;\n@@ -313,6 +315,7 @@ struct nan_peer_sec_info_entry {\n \tu8 pmk[PMK_LEN];\n \tu8 pmkid[PMKID_LEN];\n \tstruct nan_ptk ptk;\n+\tint pairing_akmp;\n };\n \n /**\n@@ -503,6 +506,7 @@ enum nan_pairing_role {\n  * @flags: Bitmap of pairing flags. See NAN_PAIRING_FLAG_*\n  * @pending_auth1: Pending PASN Authentication frame 1 to be processed\n  * @pairing_csid: Cipher suite ID used for the pairing\n+ * @pairing_akmp: AKMP used for the pairing. See WPA_KEY_MGMT_*.\n  */\n struct nan_pairing_peer_data {\n \tstruct nan_pairing_cfg pairing_cfg;\n@@ -516,6 +520,7 @@ struct nan_pairing_peer_data {\n \tu32 flags;\n \tstruct wpabuf *pending_auth1;\n \tenum nan_cipher_suite_id pairing_csid;\n+\tint pairing_akmp;\n };\n \n /**\ndiff --git a/src/nan/nan_pairing.c b/src/nan/nan_pairing.c\nindex 938925eacf..00df9d5b96 100644\n--- a/src/nan/nan_pairing.c\n+++ b/src/nan/nan_pairing.c\n@@ -602,6 +602,7 @@ static void nan_pairing_done(struct nan_data *nan_data, struct nan_peer *peer)\n \n \tpeer->pairing.pairing_csid = cipher == WPA_CIPHER_GCMP_256 ?\n \t\tNAN_CS_PK_PASN_256 : NAN_CS_PK_PASN_128;\n+\tpeer->pairing.pairing_akmp = pasn_get_akmp(pasn);\n \n \tif (!nan_data->cfg->pairing_cfg.npk_caching ||\n \t    !peer->pairing.pairing_cfg.npk_caching ||\ndiff --git a/src/nan/nan_sec.c b/src/nan/nan_sec.c\nindex 768a8268b0..7c509b672c 100644\n--- a/src/nan/nan_sec.c\n+++ b/src/nan/nan_sec.c\n@@ -1416,6 +1416,44 @@ int nan_sec_pre_tx(struct nan_data *nan, struct nan_peer *peer,\n }\n \n \n+/*\n+ * nan_sec_get_strength - Get security strength level for a cipher suite\n+ *\n+ * Per Wi-Fi Aware Specification v4.0 section 7.4, security strength ordering\n+ * (from highest to lowest):\n+ * - CSID 8 (NCS-PK-PASN-256) using a password (SAE)\n+ * - CSID 7 (NCS-PK-PASN-128) using a password (SAE)\n+ * - CSID 2 (NCS-SK-256) using a PSK/Passphrase\n+ * - CSID 1 (NCS-SK-128) using a PSK/Passphrase\n+ * - CSID 8 (NCS-PK-PASN-256) using opportunistic bootstrapping (PASN)\n+ * - CSID 7 (NCS-PK-PASN-128) using opportunistic bootstrapping (PASN)\n+ * - No security\n+ *\n+ * @csid: Cipher suite ID\n+ * @pairing_akmp: AKMP used for pairing (to distinguish SAE vs opportunistic)\n+ *\n+ * Returns: Security strength level (higher = stronger), 0 for no security\n+ */\n+static int nan_sec_get_strength(enum nan_cipher_suite_id csid, int pairing_akmp)\n+{\n+\tbool is_opportunistic = pairing_akmp == WPA_KEY_MGMT_PASN;\n+\n+\tswitch (csid) {\n+\tcase NAN_CS_PK_PASN_256:\n+\t\treturn is_opportunistic ? 2 : 6;\n+\tcase NAN_CS_PK_PASN_128:\n+\t\treturn is_opportunistic ? 1 : 5;\n+\tcase NAN_CS_SK_GCM_256:\n+\t\treturn 4;\n+\tcase NAN_CS_SK_CCM_128:\n+\t\treturn 3;\n+\tcase NAN_CS_NONE:\n+\tdefault:\n+\t\treturn 0;\n+\t}\n+}\n+\n+\n /*\n  * nan_sec_ndp_store_keys - Store the NDP keys after successful NDP\n  * establishment\n@@ -1433,6 +1471,8 @@ bool nan_sec_ndp_store_keys(struct nan_data *nan, struct nan_peer *peer,\n \tstruct nan_ndp *ndp = peer->ndp_setup.ndp;\n \tstruct nan_ndp_sec *ndp_sec = &peer->ndp_setup.sec;\n \tstruct nan_peer_sec_info_entry *cur, *next;\n+\tint new_strength, cur_strength;\n+\tint new_akmp = 0;\n \n \tif (!ndp || !ndp_sec->valid || !ndp_sec->i_csid ||\n \t    peer->ndp_setup.state != NAN_NDP_STATE_DONE)\n@@ -1441,6 +1481,12 @@ bool nan_sec_ndp_store_keys(struct nan_data *nan, struct nan_peer *peer,\n \tif (!NAN_CS_IS_VALID_NDP(ndp_sec->i_csid))\n \t\treturn false;\n \n+\t/* Get AKMP for the new security association */\n+\tif (peer->pairing.flags & NAN_PAIRING_FLAG_PAIRED)\n+\t\tnew_akmp = peer->pairing.pairing_akmp;\n+\n+\tnew_strength = nan_sec_get_strength(ndp_sec->i_csid, new_akmp);\n+\n \tdl_list_for_each_safe(cur, next, &peer->info.sec,\n \t\t\t      struct nan_peer_sec_info_entry, list) {\n \t\tif (!ether_addr_equal(peer_ndi, cur->peer_ndi) ||\n@@ -1448,16 +1494,24 @@ bool nan_sec_ndp_store_keys(struct nan_data *nan, struct nan_peer *peer,\n \t\t\tcontinue;\n \n \t\t/*\n-\t\t * The security configuration should be updated if it is\n-\t\t * stronger than the existing one or equal in strength. Since\n-\t\t * GCM-256 is considered stronger than CCM-128, always update if\n-\t\t * it is the current one. Otherwise, update only if the previous\n-\t\t * one was CCMP-128.\n+\t\t * Per Wi-Fi Aware Specification v4.0 section 7.4:\n+\t\t * The security configuration should be updated if the new\n+\t\t * security strength is same or greater than the existing SA.\n+\t\t * Otherwise, the existing higher-strength SA continues to be\n+\t\t * used and any key material derived shall be discarded.\n \t\t */\n-\t\tif (ndp_sec->i_csid == NAN_CS_SK_GCM_256 ||\n-\t\t    cur->csid == NAN_CS_SK_CCM_128)\n+\t\tcur_strength = nan_sec_get_strength(cur->csid, cur->pairing_akmp);\n+\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: SEC: Comparing strength: new=%d (csid=%u, akmp=0x%x) vs cur=%d (csid=%u, akmp=0x%x)\",\n+\t\t\t   new_strength, ndp_sec->i_csid, new_akmp,\n+\t\t\t   cur_strength, cur->csid, cur->pairing_akmp);\n+\n+\t\tif (new_strength >= cur_strength)\n \t\t\tgoto store;\n \n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: SEC: New security weaker than existing, discarding keys\");\n \t\treturn false;\n \t}\n \n@@ -1476,10 +1530,12 @@ store:\n \twpa_printf(MSG_DEBUG, \"NAN: SEC: Store security information\");\n \n \tcur->csid = ndp_sec->i_csid;\n+\tif (peer->pairing.flags & NAN_PAIRING_FLAG_PAIRED)\n+\t\tcur->pairing_akmp = peer->pairing.pairing_akmp;\n+\n \tos_memcpy(cur->pmkid, ndp_sec->i_pmkid, PMKID_LEN);\n \tos_memcpy(cur->pmk, ndp_sec->pmk, PMK_LEN);\n \tos_memcpy(&cur->ptk, &ndp_sec->ptk, sizeof(cur->ptk));\n-\n \treturn true;\n }\n \n","prefixes":["34/97"]}