{"id":2229895,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2229895/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-88-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.1/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260428200639.40243-88-andrei.otcheretianski@intel.com>","date":"2026-04-28T20:06:28","name":"[RFC,87/97] tests: Add NAN NDP establishment with GTK, IGTK and BIGTK","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"8d90dfbe93b0b4a60417f2e86da1b093018f89c9","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.1/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-88-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501927,"url":"http://patchwork.ozlabs.org/api/1.1/series/501927/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501927","date":"2026-04-28T20:05:05","name":"NAN: Group keys support, schedule update and more","version":1,"mbox":"http://patchwork.ozlabs.org/series/501927/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2229895/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2229895/checks/","tags":{},"headers":{"Return-Path":"\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=nuZwxqPe;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=lHl6Vchf;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4sBM3P9Nz1xvV\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 06:15:39 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHopo-00000002MYs-1wEJ;\n\tTue, 28 Apr 2026 20:15:08 +0000","from mgamail.intel.com ([198.175.65.16])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHokz-00000002Cfh-2zIT\n\tfor hostap@lists.infradead.org;\n\tTue, 28 Apr 2026 20:10:15 +0000","from fmviesa001.fm.intel.com ([10.60.135.141])\n  by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:09:29 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n  by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:09:28 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=y86pYVyMI/GEK82Ph876RrJKRkTi0CRzWi5eWARNsJ8=; b=nuZwxqPed4ED89\n\tSd5+UzHx+2ozYW0pM8PDrYdXKfnmkvBnp7KxBoD5O41aQ6fR8e8/MnEvVg9poz47bBlN4r15oyxiA\n\te1mhOq20FHz36d5qZZRQ6uMjsZYO1VTPoSVcRmE/KLwzxkfcWX4PckMxLfsSskbqcYZWT08vMsIm4\n\t/mxeOhoM1Wd4tibiwvimPS0pt9EeqLqcG3z5jRYMqJrlvujUZgjiBnSI3RSoly/DbC0wloU6uA+Co\n\tN7l8TnQNN9VyJ9vD15yMlwiE+CfDsgJODOXdadDj8LuWoGsQWwNs+TL/LuQQaMBoXM3dk/gwXlM28\n\tphG9Bm9fD8QBvAViDu/Q==;","v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1777407009; x=1808943009;\n  h=from:to:cc:subject:date:message-id:in-reply-to:\n   references:mime-version:content-transfer-encoding;\n  bh=9e27Rhql7rw+NF5RLUBQ5IQ+IV/rducpuyOa5LYu19I=;\n  b=lHl6VchfzmqKXLjeRwhyJcJ3D6SGC7Jn3SNr6WzCOd/IXSGIyzLe+k9y\n   4QKCOZqw17yuvzajYo2guj81DtacQOi5WwG6FQf6DIbSaibqOSqLtorX4\n   lMw18itYVOym19k1n9sb2KwwshLZ4Fvh7KzvUS8bmsk968parnnKqUqZ4\n   fT7pHcTYM5XPglAg6sD6QKHCQVZAV5PukhE4HBCYEP/293lzWHhlzcz6T\n   SvWBgZfYYyKcU7PzTM7iXvbgcRVwveKUzGI29TcmNkp0hJ3F8u3t5IP7z\n   AN8f6zqJ6JkQUzn2k1RFI+o/kIMOBHy7KXox0j50qSWrS3erDVBDnU6l8\n   w==;"],"X-CSE-ConnectionGUID":["nnYFL/Z+SBCn+nHbS6q4SQ==","h/zXy7gJSGaY+11s4Wm7mQ=="],"X-CSE-MsgGUID":["WghOWc51SvmDcpCtT/ZzKQ==","JsueI14LQBej8p4eIlunZA=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11770\"; a=\"78519609\"","E=Sophos;i=\"6.23,204,1770624000\";\n   d=\"scan'208\";a=\"78519609\"","E=Sophos;i=\"6.23,204,1770624000\";\n   d=\"scan'208\";a=\"257610886\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski <andrei.otcheretianski@intel.com>","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tIlan Peer <ilan.peer@intel.com>","Subject":"[RFC 87/97] tests: Add NAN NDP establishment with GTK, IGTK and BIGTK","Date":"Tue, 28 Apr 2026 23:06:28 +0300","Message-ID":"<20260428200639.40243-88-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","References":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260428_131009_838061_663A6E79 ","X-CRM114-Status":"UNSURE (   9.65  )","X-CRM114-Notice":"Please train this message.","X-Spam-Score":"-4.5 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  From: Ilan Peer <ilan.peer@intel.com> Add NAN NDP tests\n with\n    GTK,\n IGTK and BIGTK: - Pairwise CCMP with CCMP GTK and BIP-CMAC-128 as management\n    group cipher. - Pairwise GCMP-256 with GCMP-256 GTK and BIP-GMAC-256 as\n management\n    group cipher.\n Content analysis details:   (-4.5 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [198.175.65.16 listed in list.dnswl.org]\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]\n -0.1 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<hostap.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/hostap/>","List-Post":"<mailto:hostap@lists.infradead.org>","List-Help":"<mailto:hostap-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" <hostap-bounces@lists.infradead.org>","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Ilan Peer <ilan.peer@intel.com>\n\nAdd NAN NDP tests with GTK, IGTK and BIGTK:\n\n- Pairwise CCMP with CCMP GTK and BIP-CMAC-128 as management group\n  cipher.\n- Pairwise GCMP-256 with GCMP-256 GTK and BIP-GMAC-256 as management\n  group cipher.\n\nHave these tests (and others) include the pairwise csid and GTK csid\nin the publish service configuration.\n\nSigned-off-by: Ilan Peer <ilan.peer@intel.com>\n---\n tests/hwsim/test_nan.py | 57 +++++++++++++++++++++++++++++++----------\n 1 file changed, 43 insertions(+), 14 deletions(-)","diff":"diff --git a/tests/hwsim/test_nan.py b/tests/hwsim/test_nan.py\nindex 40874d4d74..93383f382c 100644\n--- a/tests/hwsim/test_nan.py\n+++ b/tests/hwsim/test_nan.py\n@@ -43,12 +43,13 @@ def check_nan_capab(dev):\n         raise HwsimSkip(f\"NAN not supported: {capa}\")\n \n class NanDevice:\n-    def __init__(self, dev, ifname, ndi_name=None, nmi_addr=None):\n+    def __init__(self, dev, ifname, ndi_name=None, nmi_addr=None, mgmt_group_cipher=None):\n         self.dev = dev\n         self.ifname = ifname\n         self.wpas = None\n         self.ndi_name = ndi_name\n         self.nmi_addr = nmi_addr\n+        self.mgmt_group_cipher = mgmt_group_cipher\n \n     def __enter__(self):\n         self.start()\n@@ -65,6 +66,8 @@ class NanDevice:\n         self.wpas = WpaSupplicant(ifname=self.ifname)\n         self.set(\"master_pref\", \"10\")\n         self.set(\"dual_band\", \"0\")\n+        if self.mgmt_group_cipher is not None:\n+            self.set(\"mgmt_group_cipher\", self.mgmt_group_cipher)\n \n         if \"OK\" not in self.wpas.request(\"NAN_START\"):\n             raise Exception(f\"Failed to start NAN functionality on {self.ifname}\")\n@@ -140,7 +143,7 @@ class NanDevice:\n \n     def ndp_request(self, ndi, handle, peer_nmi, peer_id, ssi=None,\n                     qos_slots=0, qos_latency=0xffff, csid=None, password=None,\n-                    pmk=None, interface_id=None):\n+                    pmk=None, interface_id=None, gtk_csid=None):\n         cmd = f\"NAN_NDP_REQUEST handle={handle} ndi={ndi} peer_nmi={peer_nmi} peer_id={peer_id}\"\n \n         params = [\n@@ -149,6 +152,7 @@ class NanDevice:\n             (\"password\", password),\n             (\"pmk\", pmk),\n             (\"interface_id\", interface_id),\n+            (\"gtk_csid\", gtk_csid),\n         ]\n \n         cmd += \"\".join(f\" {name}={value}\" for name, value in params if value is not None)\n@@ -161,7 +165,8 @@ class NanDevice:\n     def ndp_response(self, action, peer_nmi, ndi=None, peer_ndi=None,\n                      ndp_id=None, init_ndi=None, reason_code=None, ssi=None,\n                      qos_slots=0, qos_latency=0xffff, handle=None, csid=None,\n-                     password=None, pmk=None, interface_id=None):\n+                     password=None, pmk=None, interface_id=None,\n+                     gtk_csid=None):\n         if action not in [\"accept\", \"reject\"]:\n             raise Exception(f\"Invalid action: {action}. Must be 'accept' or 'reject'\")\n \n@@ -179,6 +184,7 @@ class NanDevice:\n             (\"password\", password),\n             (\"pmk\", pmk),\n             (\"interface_id\", interface_id),\n+            (\"gtk_csid\", gtk_csid),\n         ]\n \n         cmd += \"\".join(f\" {name}={value}\" for name, value in params if value is not None)\n@@ -1071,11 +1077,18 @@ def test_nan_sched(dev, apdev, params):\n     finally:\n         set_country(\"00\")\n \n-def _nan_discover_service(pub, sub, service_name, pssi, sssi, ttl=None):\n+def _nan_discover_service(pub, sub, service_name, pssi, sssi, ttl=None,\n+                          csid=None, gtk_csid=None):\n     paddr = pub.wpas.own_addr()\n     saddr = sub.wpas.own_addr()\n \n-    pid = pub.publish(service_name, ssi=pssi, ttl=ttl)\n+    cipher_suites = None\n+    if csid is not None:\n+        cipher_suites = f\"{csid}\"\n+        if gtk_csid is not None:\n+            cipher_suites += f\",{gtk_csid}\"\n+\n+    pid = pub.publish(service_name, ssi=pssi, ttl=ttl, cipher_suites=cipher_suites)\n     sid = sub.subscribe(service_name, ssi=sssi, active=0)\n \n     logger.info(f\"Publish ID: {pid}, Subscribe ID: {sid}\")\n@@ -1090,7 +1103,8 @@ def _nan_discover_service(pub, sub, service_name, pssi, sssi, ttl=None):\n \n def _nan_ndp_request_and_accept(pub, sub, pid, sid, paddr, saddr, req_ssi, resp_ssi, csid=None,\n                                 password=None, pmk=None, counter=False, wrong_pwd=False,\n-                                configure_schedule=True, pub_interface_id=None, sub_interface_id=None):\n+                                configure_schedule=True, pub_interface_id=None, sub_interface_id=None,\n+                                gtk_csid=None):\n     \"\"\"\n     Request NDP from subscriber and accept on publisher.\n \n@@ -1104,7 +1118,7 @@ def _nan_ndp_request_and_accept(pub, sub, pid, sid, paddr, saddr, req_ssi, resp_\n     # NDP request\n     if \"OK\" not in sub.ndp_request(sub.ndi_name, sid, paddr, pid, req_ssi,\n                                    csid=csid, password=password, pmk=pmk,\n-                                   interface_id=sub_interface_id):\n+                                   interface_id=sub_interface_id, gtk_csid=gtk_csid):\n         raise Exception(\"NDP request failed\")\n \n     ev = pub.wpas.wait_event([\"NAN-NDP-REQUEST\"], timeout=5)\n@@ -1131,7 +1145,8 @@ def _nan_ndp_request_and_accept(pub, sub, pid, sid, paddr, saddr, req_ssi, resp_\n     accept_pwd = \"WRONG_PWD\" if wrong_pwd else password\n     if \"OK\" not in pub.ndp_response(\"accept\", saddr, ndi=pub.ndi_name, ndp_id=ndp_id, init_ndi=init_ndi,\n                                     handle=pid, ssi=resp_ssi, csid=csid, password=accept_pwd, pmk=pmk,\n-                                    interface_id=pub_interface_id):\n+                                    interface_id=pub_interface_id,\n+                                    gtk_csid=gtk_csid):\n         raise Exception(\"NDP response (accept) failed\")\n \n     # Verify disconnection on wrong password\n@@ -1211,7 +1226,8 @@ def _nan_test_connectivity(pub, sub):\n                       max_tries=3, timeout=5, broadcast=True)\n \n def _run_nan_dp(counter=False, csid=None, wrong_pwd=False, use_pmk=False,\n-                use_interface_id=False, verify_max_idle_period=False):\n+                use_interface_id=False, verify_max_idle_period=False, gtk_csid=None,\n+                mgmt_group_cipher=None):\n     if use_pmk:\n         pmk = \"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff\"\n         pwd = None\n@@ -1224,12 +1240,14 @@ def _run_nan_dp(counter=False, csid=None, wrong_pwd=False, use_pmk=False,\n     )\n \n     with hwsim_nan_radios() as (wpas1, wpas2), \\\n-        NanDevice(wpas1, \"nan0\", \"ndi0\") as pub, NanDevice(wpas2, \"nan1\", \"ndi1\") as sub:\n+        NanDevice(wpas1, \"nan0\", \"ndi0\", mgmt_group_cipher=mgmt_group_cipher) as pub, \\\n+        NanDevice(wpas2, \"nan1\", \"ndi1\", mgmt_group_cipher=mgmt_group_cipher) as sub:\n \n         pssi = \"aabbccdd001122334455667788\"\n         sssi = \"ddbbccaa001122334455667788\"\n \n-        pid, sid, paddr, saddr= _nan_discover_service(pub, sub, \"test_service\", pssi, sssi)\n+        pid, sid, paddr, saddr= _nan_discover_service(pub, sub, \"test_service\", pssi, sssi,\n+                                                      csid=csid, gtk_csid=gtk_csid)\n \n         # Log peer info (specific to this test)\n         peer_schedule = pub.wpas.request(\"NAN_PEER_INFO \" + saddr + \" schedule\")\n@@ -1247,7 +1265,8 @@ def _run_nan_dp(counter=False, csid=None, wrong_pwd=False, use_pmk=False,\n                                              resp_ssi=\"ddeeff\", csid=csid, password=pwd, pmk=pmk,\n                                              counter=counter, wrong_pwd=wrong_pwd,\n                                              pub_interface_id=pub_interface_id,\n-                                             sub_interface_id=sub_interface_id)\n+                                             sub_interface_id=sub_interface_id,\n+                                             gtk_csid=gtk_csid)\n         if result is None:\n             # wrong_pwd test completed\n             return\n@@ -1288,12 +1307,14 @@ def _run_nan_dp(counter=False, csid=None, wrong_pwd=False, use_pmk=False,\n                 raise Exception(f\"NAN-NDP-DISCONNECTED event not seen on subscriber or invalid data\")\n \n def run_nan_dp(country=\"US\", counter=False, csid=None, wrong_pwd=False, use_pmk=False,\n-               use_interface_id=False, verify_max_idle_period=False):\n+               use_interface_id=False, verify_max_idle_period=False, gtk_csid=None,\n+               mgmt_group_cipher=None):\n     set_country(country)\n     try:\n         _run_nan_dp(counter=counter, csid=csid, wrong_pwd=wrong_pwd, use_pmk=use_pmk,\n                     use_interface_id=use_interface_id,\n-                    verify_max_idle_period=verify_max_idle_period)\n+                    verify_max_idle_period=verify_max_idle_period, gtk_csid=gtk_csid,\n+                    mgmt_group_cipher=mgmt_group_cipher)\n     finally:\n         set_country(\"00\")\n \n@@ -1867,3 +1888,11 @@ def test_nan_ndp_reconnect_after_terminate(dev, apdev, params):\n def test_nan_dp_max_idle_period(dev, apdev, params):\n     \"\"\"NAN DP open with max idle period verification\"\"\"\n     run_nan_dp(use_interface_id=True, verify_max_idle_period=True)\n+\n+def test_nan_dp_sk_ccmp128_with_gtk(dev, apdev, params):\n+    \"\"\"NAN DP - 2way NDL + SK CCMP security with GTK\"\"\"\n+    run_nan_dp(csid=1, gtk_csid=5, mgmt_group_cipher=\"BIP-CMAC-128\")\n+\n+def test_nan_dp_sk_gcmp256_with_gtk(dev, apdev, params):\n+    \"\"\"NAN DP - 2way NDL + SK GCMP-256 security with GTK\"\"\"\n+    run_nan_dp(csid=2, gtk_csid=6, mgmt_group_cipher=\"BIP-GMAC-256\")\n","prefixes":["RFC","87/97"]}