{"id":2229846,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2229846/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-40-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.1/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260428200639.40243-40-andrei.otcheretianski@intel.com>","date":"2026-04-28T20:05:40","name":"[39/97] wpa_supplicant: Set the GTK for NDP response","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"707df50b11e9bfb917ebe5eac083553a76ae3df0","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.1/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-40-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501927,"url":"http://patchwork.ozlabs.org/api/1.1/series/501927/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501927","date":"2026-04-28T20:05:05","name":"NAN: Group keys support, schedule update and more","version":1,"mbox":"http://patchwork.ozlabs.org/series/501927/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2229846/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2229846/checks/","tags":{},"headers":{"Return-Path":"\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=AP0x7aqz;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=dldMVw11;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4s5X4524z1xrS\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 06:11:28 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHoll-00000002Gs7-4BLN;\n\tTue, 28 Apr 2026 20:10:58 +0000","from mgamail.intel.com ([198.175.65.16])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHojQ-00000002Cfh-4Bp7\n\tfor hostap@lists.infradead.org;\n\tTue, 28 Apr 2026 20:08:53 +0000","from fmviesa001.fm.intel.com ([10.60.135.141])\n  by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:08:15 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n  by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:08:13 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=TLsnCBbqcZIjAmQKkMLzs8esx3nPTxTS9pxxaS9jI60=; b=AP0x7aqzpjVLTf\n\tmESnHIgSIx+2T77bCB1Bl64NjVN3QtXlozgi7fk6/Z7rWOBxIrxvvN86GfJzCNzhOGxjxUqpNkNcY\n\t7h38J4xEdlXnl2p/U+XOIPz7Wsl2KKDxqt5nslRivRG218vuILyDmLr2NHc0BTLPrqGbnFql8nilG\n\t/raIBfilIsgKxqa4h/h35azgCLnfbHQDVpfKZSxTslYR3v7f6rS805eXMWJk+Y2Yt4fdt4pe596Xh\n\thx5LthjNNnApxr7Ej+uRvm/BRH9/cwqzUattV30HsjlXGkMrLshyZXvPmqU4V7XuWfRsRYlqDcEeS\n\t1AZ+UhnymPbu1Sv5+ASg==;","v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1777406913; x=1808942913;\n  h=from:to:cc:subject:date:message-id:in-reply-to:\n   references:mime-version:content-transfer-encoding;\n  bh=mAbXGlhp1zjSK3HeAVZ2KZ1zu320mglSR8AJgovocoU=;\n  b=dldMVw11nWeZq1AOJYSx+KjZ0HCFkdzmboyrEb+ImsQqdemC21V3mV+I\n   bPQlbyacPs32avDLOmqg0w6VVmZkSgD8TEl60QFCypPj8mmga8t1+gRWP\n   ew/JqtrGbJYsEfp/hDAZ9fBctDB+ZshYf72tCq7BVMC0oSOSENkBXeb7q\n   15Nyd9SS023Z5QjCC1tatP4IChwbMBqBc2zq2pbOhohuwuJXeQ4zDcPub\n   x34wRfNsGGYF4vTJ5emkeLldNWgJ2dyCIDme5ZAjEwLDNk/xRRgqDLwTe\n   neNri79SEKf5UhBLRRWlDXN43FcA7Hbf9zkdhWSjtBqIJo9AYYuopchn2\n   w==;"],"X-CSE-ConnectionGUID":["WzDjMPg9TyKlBKyc952BAg==","WTEQPxLvQrSz+tDvkZh8xQ=="],"X-CSE-MsgGUID":["I3Cf+ZXDThq3pEO6+knH8A==","cSY7Bw6lRD2sffbWAQDqoA=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11770\"; a=\"78519408\"","E=Sophos;i=\"6.23,204,1770624000\";\n   d=\"scan'208\";a=\"78519408\"","E=Sophos;i=\"6.23,204,1770624000\";\n   d=\"scan'208\";a=\"257610362\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski <andrei.otcheretianski@intel.com>","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>","Subject":"[PATCH 39/97] wpa_supplicant: Set the GTK for NDP response","Date":"Tue, 28 Apr 2026 23:05:40 +0300","Message-ID":"<20260428200639.40243-40-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","References":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260428_130834_089044_77636B84 ","X-CRM114-Status":"GOOD (  17.76  )","X-Spam-Score":"-4.5 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  From: Avraham Stern <avraham.stern@intel.com> When the NDP\n    request included a GTK cipher suite, check that the requested cipher suite\n    is supported by the service. If the NDI already has a GTK installed which\n    uses a different cipher suite, reject [...]\n Content analysis details:   (-4.5 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [198.175.65.16 listed in list.dnswl.org]\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]\n -0.1 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<hostap.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/hostap/>","List-Post":"<mailto:hostap@lists.infradead.org>","List-Help":"<mailto:hostap-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" <hostap-bounces@lists.infradead.org>","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Avraham Stern <avraham.stern@intel.com>\n\nWhen the NDP request included a GTK cipher suite, check that the\nrequested cipher suite is supported by the service.\nIf the NDI already has a GTK installed which uses a different cipher\nsuite, reject the request. Otherwise use the existing GTK or generate\na new one if needed.\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n src/nan/nan.h                   |  1 +\n src/nan/nan_ndp.c               | 36 +++++++++++++++++++++++++++++++++\n wpa_supplicant/nan_supplicant.c | 33 ++++++++++++++++++++++++++++--\n 3 files changed, 68 insertions(+), 2 deletions(-)","diff":"diff --git a/src/nan/nan.h b/src/nan/nan.h\nindex 294d715bf5..0e2469d8b3 100644\n--- a/src/nan/nan.h\n+++ b/src/nan/nan.h\n@@ -824,6 +824,7 @@ int nan_set_bootstrap_configuration(struct nan_data *nan,\n struct wpabuf * nan_crypto_derive_nira_tag(const u8 *nik, size_t nik_len,\n \t\t\t\t\t   const u8 *nmi_addr,\n \t\t\t\t\t   const u8 *nira_nonce);\n+int nan_ndp_requested_gtk_csid(struct nan_data *nan, struct nan_ndp_id *ndp_id);\n #ifdef CONFIG_PASN\n int nan_pairing_add_attrs(struct nan_data *nan_data, struct wpabuf *buf);\n int nan_pairing_initiate_pasn_auth(struct nan_data *nan_data, const u8 *addr,\ndiff --git a/src/nan/nan_ndp.c b/src/nan/nan_ndp.c\nindex 9ab2cee65e..e6f790b7c6 100644\n--- a/src/nan/nan_ndp.c\n+++ b/src/nan/nan_ndp.c\n@@ -1173,3 +1173,39 @@ int nan_ndp_term_req(struct nan_data *nan, struct nan_peer *peer,\n \tpeer->ndp_setup.reason = NAN_REASON_UNSPECIFIED_REASON;\n \treturn 0;\n }\n+\n+\n+/*\n+ * nan_ndp_requested_gtk_csid - Get the GTK CSID requested by peer for NDP setup\n+ *\n+ * @nan: NAN module context from nan_init()\n+ * @ndp_id: NDP identifier\n+ *\n+ * Returns: The GTK CSID requested by peer, or NAN_CS_NONE if no matching NDP is\n+ *\tfound or GTK is not requested by peer.\n+ */\n+int nan_ndp_requested_gtk_csid(struct nan_data *nan, struct nan_ndp_id *ndp_id)\n+{\n+\tstruct nan_peer *peer;\n+\n+\tpeer = nan_get_peer(nan, ndp_id->peer_nmi);\n+\tif (!peer) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: NDP: No matching peer found for GTK CSID request\");\n+\t\treturn NAN_CS_NONE;\n+\t}\n+\n+\tif (!peer->ndp_setup.ndp ||\n+\t    peer->ndp_setup.ndp->ndp_id != ndp_id->id ||\n+\t    os_memcmp(peer->ndp_setup.ndp->init_ndi,\n+\t\t      ndp_id->init_ndi, ETH_ALEN) != 0) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: NDP: No matching NDP found for GTK CSID request\");\n+\t\treturn NAN_CS_NONE;\n+\t}\n+\n+\tif (peer->ndp_setup.state != NAN_NDP_STATE_REQ_RECV)\n+\t\treturn NAN_CS_NONE;\n+\n+\treturn peer->ndp_setup.sec.peer_gtk.csid;\n+}\ndiff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c\nindex aa29bfc021..81ae22e95a 100644\n--- a/wpa_supplicant/nan_supplicant.c\n+++ b/wpa_supplicant/nan_supplicant.c\n@@ -2490,6 +2490,29 @@ fail:\n }\n \n \n+int wpas_nan_ndp_response_set_gtk(struct wpa_supplicant *wpa_s,\n+\t\t\t\t  struct wpa_supplicant *ndi_wpa_s,\n+\t\t\t\t  int handle, struct nan_ndp_params *ndp)\n+{\n+\tint gtk_csid;\n+\n+\tgtk_csid = nan_ndp_requested_gtk_csid(wpa_s->nan, &ndp->ndp_id);\n+\tif (!gtk_csid) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: No GTK requested by peer for NDP\");\n+\t\treturn 0;\n+\t}\n+\n+\tif (!nan_de_service_supports_csid(wpa_s->nan_de, handle, gtk_csid)) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Cannot set GTK - CSID %d not supported by service\",\n+\t\t\t   gtk_csid);\n+\t\treturn -1;\n+\t}\n+\n+\treturn wpas_nan_set_gtk(ndi_wpa_s, ndp, gtk_csid);\n+}\n+\n+\n /* Command format NAN_NDP_RESPONSE accept|reject peer_nmi=<nmi>\n    [reason_code=<reject_reason>]\n    [ndi=<ifname> handle=<service_handle> init_ndi=<ndi>\n@@ -2504,6 +2527,7 @@ int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n \tconst char *pwd = NULL, *pmk = NULL;\n \tint handle = -1;\n \tint ret = -1;\n+\tstruct wpa_supplicant *ndi_wpa_s = NULL;\n \n \tif (!wpas_nan_ndp_allowed(wpa_s))\n \t\treturn -1;\n@@ -2544,8 +2568,6 @@ int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n \t\tif (os_strcmp(token, \"reason_code\") == 0) {\n \t\t\tndp.u.resp.reason_code = atoi(pos);\n \t\t} else if (os_strcmp(token, \"ndi\") == 0) {\n-\t\t\tstruct wpa_supplicant *ndi_wpa_s;\n-\n \t\t\tndi_wpa_s = wpa_supplicant_get_iface(wpa_s->global,\n \t\t\t\t\t\t\t     pos);\n \t\t\tif (!ndi_wpa_s) {\n@@ -2682,6 +2704,13 @@ int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n \t\tgoto fail;\n \t}\n \n+\tif (ndp.u.resp.status == NAN_NDP_STATUS_ACCEPTED &&\n+\t    wpas_nan_ndp_response_set_gtk(wpa_s, ndi_wpa_s, handle, &ndp) < 0) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Failed to set GTK for NDP response\");\n+\t\tgoto fail;\n+\t}\n+\n \twpa_printf(MSG_DEBUG, \"NAN: %s NDP response for peer \" MACSTR\n \t\t   \" ndp_id=%u\",\n \t\t   ndp.u.resp.status == NAN_NDP_STATUS_ACCEPTED ?\n","prefixes":["39/97"]}