{"id":2229898,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2229898/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-92-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.1/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260428200639.40243-92-andrei.otcheretianski@intel.com>","date":"2026-04-28T20:06:32","name":"[91/97] wpa_supplicant: NAN: Support password hex in NDP request/response","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"5e15ac6801278b0a25eeb1022dd785d82f31d489","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.1/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-92-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501927,"url":"http://patchwork.ozlabs.org/api/1.1/series/501927/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501927","date":"2026-04-28T20:05:05","name":"NAN: Group keys support, schedule update and more","version":1,"mbox":"http://patchwork.ozlabs.org/series/501927/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2229898/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2229898/checks/","tags":{},"headers":{"Return-Path":"\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=dNKEGq/U;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=cZ1w8zmv;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4sBd37r2z1xvV\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 06:15:53 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHoq2-00000002MsN-0F9C;\n\tTue, 28 Apr 2026 20:15:22 +0000","from mgamail.intel.com ([198.175.65.16])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHol4-00000002CcZ-1hSS\n\tfor hostap@lists.infradead.org;\n\tTue, 28 Apr 2026 20:10:17 +0000","from fmviesa001.fm.intel.com ([10.60.135.141])\n  by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:09:36 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n  by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:09:35 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=Nn+M8UPgbPAiXsLAbKa2H7RJed4HWheVoYqWCBtBhpU=; b=dNKEGq/UEDm8UN\n\tqk9fPcsU7Yl6kT/KrlHd6ytvtu5kmnDIMDbuhEvO7bZCqXr8rhax2A1DUuUUZ11Yu6hlv/Cq0EtdO\n\tZu4XKKGDMOSMxHVvD0XKw/t/v5IVhtqZLp6ylZhRzIgu7coLItsis/A+5XIRfBnGnQQXjTbmTm86L\n\tSFM3yuKrSEmliiv/xWTWO7QuRlV6mty9lIaUWrxCamE6aV5bBMl/E22wAPtTxeHBYioOw1h5CbWsu\n\tIgRnCltfWIp2kmog5XiJzOYjXuabpZrosMbZR+LVhQnfBaGHyRZoSwqH76vJoWfHKVoGSQvomTkMn\n\tqc0rFQBAOQH9mYL+T0zA==;","v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1777407014; x=1808943014;\n  h=from:to:cc:subject:date:message-id:in-reply-to:\n   references:mime-version:content-transfer-encoding;\n  bh=a68p7nAbntD1m1IAvZRQIIyKx0U6LVi0UiN46vryteE=;\n  b=cZ1w8zmvPpRV5Qw1k0h/0S9eNufKi56y+bHT4FPv+seJPcTuV++UH4n5\n   hCbFKpg5cWw1qhdGA9qRrf1Sh/eEKa+1+Wi+lDt5wMTbe4G5Bhk5haFtn\n   EK+sk86PKBSvzo4BPDiOVPJL4M8vHtzioHzGQhckTuwABvhH46HjN3U3W\n   aktD2fL/WqsuIgN2NBKvoYOU4yO7XwLevTtzu0FUT3/5KsIuFD24E9uTI\n   Y8JlN+oMk00D7TpW8siWf0q+GUam34d34/cU+iWVvBNu9BAdsgxjfWGRR\n   F4Q+l4j9qNnDTAwoKzkTtqdSOFiHx6OfaDy9A6c+qkFFL5/XLAYB41iTR\n   Q==;"],"X-CSE-ConnectionGUID":["Yz5aBohbS0SJ9rJTjqlF7w==","ilh4pUo0Twa+64GA5DQqFg=="],"X-CSE-MsgGUID":["b9dPAMdvS2u9TByh9J+gOw==","fsghiyeXScOc7UfsOotOxw=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11770\"; a=\"78519714\"","E=Sophos;i=\"6.23,204,1770624000\";\n   d=\"scan'208\";a=\"78519714\"","E=Sophos;i=\"6.23,204,1770624000\";\n   d=\"scan'208\";a=\"257610967\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski <andrei.otcheretianski@intel.com>","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>","Subject":"[PATCH 91/97] wpa_supplicant: NAN: Support password hex in NDP\n request/response","Date":"Tue, 28 Apr 2026 23:06:32 +0300","Message-ID":"<20260428200639.40243-92-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","References":"<20260428200639.40243-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260428_131014_581347_2BFAE606 ","X-CRM114-Status":"GOOD (  15.21  )","X-Spam-Score":"-4.5 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  From: Avraham Stern <avraham.stern@intel.com> Add support\n   for specifying the password as hex for NAN NDP request/response.\n Signed-off-by:\n    Avraham Stern <avraham.stern@intel.com> ---\n wpa_supplicant/nan_supplicant.c\n    | 86 ++++++++++++++++++++++++++++----- 1 file changed, 74 insertions(+),\n   12 deletions(-)\n Content analysis details:   (-4.5 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [198.175.65.16 listed in list.dnswl.org]\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]\n -0.1 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<hostap.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/hostap/>","List-Post":"<mailto:hostap@lists.infradead.org>","List-Help":"<mailto:hostap-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" <hostap-bounces@lists.infradead.org>","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Avraham Stern <avraham.stern@intel.com>\n\nAdd support for specifying the password as hex for NAN NDP\nrequest/response.\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n wpa_supplicant/nan_supplicant.c | 86 ++++++++++++++++++++++++++++-----\n 1 file changed, 74 insertions(+), 12 deletions(-)","diff":"diff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c\nindex 14064249bb..6f2292a1ba 100644\n--- a/wpa_supplicant/nan_supplicant.c\n+++ b/wpa_supplicant/nan_supplicant.c\n@@ -2456,6 +2456,47 @@ static int wpas_nan_set_ndp_schedule(struct wpa_supplicant *wpa_s,\n }\n \n \n+static char * wpas_nan_parse_password_hex(const char *hexstr)\n+{\n+\tsize_t len = os_strlen(hexstr);\n+\tsize_t pwd_len;\n+\tchar *pwd;\n+\tsize_t i;\n+\n+\tif (!len || len % 2 != 0) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Invalid password hex length: %zu\", len);\n+\t\treturn NULL;\n+\t}\n+\n+\tpwd_len = len / 2;\n+\tpwd = os_malloc(pwd_len + 1);\n+\tif (!pwd)\n+\t\treturn NULL;\n+\n+\tif (hexstr2bin(hexstr, (u8 *)pwd, pwd_len) < 0) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t   \"NAN: Invalid password hex data: %s\", hexstr);\n+\t\tos_free(pwd);\n+\t\treturn NULL;\n+\t}\n+\n+\t/* Reject passwords containing NULL bytes (except the terminator) */\n+\tfor (i = 0; i < pwd_len; i++) {\n+\t\tif (pwd[i] == '\\0') {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t   \"NAN: Decoded password contains embedded NUL byte at offset %zu\",\n+\t\t\t\t   i);\n+\t\t\tos_free(pwd);\n+\t\t\treturn NULL;\n+\t\t}\n+\t}\n+\n+\tpwd[pwd_len] = '\\0';\n+\treturn pwd;\n+}\n+\n+\n static int wpas_nan_fill_nd_pmk(struct wpa_supplicant *wpa_s,\n \t\t\t\tstruct nan_ndp_params *ndp,\n \t\t\t\tint handle,\n@@ -2582,7 +2623,7 @@ static int wpas_nan_set_gtk(struct wpa_supplicant *ndi_wpa_s,\n \n /* Command format NAN_NDP_REQUEST handle=<id> ndi=<ifname> peer_nmi=<nmi>\n    peer_id=<peer_instance_id> ssi=<hexdata> qos=<slots:latency>\n-   [csid = <cipher_suite> <password=<string>|pmk=<hex>>\n+   [csid = <cipher_suite> <password=<string>|pwd_hex=<hex>|pmk=<hex>>\n    [gtk_csid=<cipher_suite>]] [interface_id=<hex>] */\n int wpas_nan_ndp_request(struct wpa_supplicant *wpa_s, char *cmd)\n {\n@@ -2590,7 +2631,8 @@ int wpas_nan_ndp_request(struct wpa_supplicant *wpa_s, char *cmd)\n \tstruct wpabuf *ssi_buf = NULL;\n \tchar *token, *context = NULL;\n \tchar *pos;\n-\tconst char *pwd = NULL, *pmk = NULL;\n+\tconst char *pwd = NULL, *pmk = NULL, *pwd_hex = NULL;\n+\tchar *pwd_decoded = NULL;\n \tint handle = -1;\n \tint ret = -1;\n \tstruct wpa_supplicant *ndi_wpa_s = NULL;\n@@ -2681,6 +2723,8 @@ int wpas_nan_ndp_request(struct wpa_supplicant *wpa_s, char *cmd)\n \t\t\tndp.sec.csid = atoi(pos);\n \t\t} else if (os_strcmp(token, \"password\") == 0) {\n \t\t\tpwd = pos;\n+\t\t} else if (os_strcmp(token, \"pwd_hex\") == 0) {\n+\t\t\tpwd_hex = pos;\n \t\t} else if (os_strcmp(token, \"pmk\") == 0) {\n \t\t\tpmk = pos;\n \t\t} else if (os_strcmp(token, \"interface_id\") == 0) {\n@@ -2734,14 +2778,20 @@ int wpas_nan_ndp_request(struct wpa_supplicant *wpa_s, char *cmd)\n \t\tgoto fail;\n \t}\n \n-\tif (pmk && pwd) {\n+\tif ((pmk && pwd) || (pmk && pwd_hex) || (pwd && pwd_hex)) {\n \t\twpa_printf(MSG_INFO,\n-\t\t\t   \"NAN: Specify only one of password or pmk\");\n+\t\t\t   \"NAN: Specify only one of password, pwd_hex or pmk\");\n \t\tgoto fail;\n \t}\n \n-\tif (wpas_nan_fill_nd_pmk(wpa_s, &ndp, handle,\n-\t\t\t\t ndp.ndp_id.peer_nmi, pwd, pmk) < 0) {\n+\tif (pwd_hex) {\n+\t\tpwd_decoded = wpas_nan_parse_password_hex(pwd_hex);\n+\t\tif (!pwd_decoded)\n+\t\t\tgoto fail;\n+\t}\n+\n+\tif (wpas_nan_fill_nd_pmk(wpa_s, &ndp, handle, ndp.ndp_id.peer_nmi,\n+\t\t\t\t pwd_decoded ? pwd_decoded : pwd, pmk) < 0) {\n \t\twpa_printf(MSG_INFO,\n \t\t\t   \"NAN: Failed to derive NDP PMK\");\n \t\tgoto fail;\n@@ -2773,6 +2823,7 @@ fail:\n \twpabuf_free(ndp.sched.elems);\n \twpabuf_free(ssi_buf);\n \tos_free(ndp.interface_id);\n+\tos_free(pwd_decoded);\n \n \treturn ret;\n }\n@@ -2805,14 +2856,16 @@ int wpas_nan_ndp_response_set_gtk(struct wpa_supplicant *wpa_s,\n    [reason_code=<reject_reason>]\n    [ndi=<ifname> handle=<service_handle> init_ndi=<ndi>\n    ndp_id=<id> [ssi=<hexdata>] [qos=<slots:latency>]\n-   [csid=<csid> <password=<string>|pmk=<hex>]] [interface_id=<hex>] */\n+   [csid=<csid> <password=<string>|pwd_hex=<hex>|pmk=<hex>>]]\n+   [interface_id=<hex>] */\n int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n {\n \tstruct nan_ndp_params ndp;\n \tstruct wpabuf *ssi_buf = NULL;\n \tchar *token, *context = NULL;\n \tchar *pos;\n-\tconst char *pwd = NULL, *pmk = NULL;\n+\tconst char *pwd = NULL, *pmk = NULL, *pwd_hex = NULL;\n+\tchar *pwd_decoded = NULL;\n \tint handle = -1;\n \tint ret = -1;\n \tstruct wpa_supplicant *ndi_wpa_s = NULL;\n@@ -2915,6 +2968,8 @@ int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n \t\t\tndp.sec.csid = atoi(pos);\n \t\t} else if (os_strcmp(token, \"password\") == 0) {\n \t\t\tpwd = pos;\n+\t\t} else if (os_strcmp(token, \"pwd_hex\") == 0) {\n+\t\t\tpwd_hex = pos;\n \t\t} else if (os_strcmp(token, \"pmk\") == 0) {\n \t\t\tpmk = pos;\n \t\t} else if (os_strcmp(token, \"interface_id\") == 0) {\n@@ -2960,14 +3015,20 @@ int wpas_nan_ndp_response(struct wpa_supplicant *wpa_s, char *cmd)\n \t\t\tgoto fail;\n \t\t}\n \n-\t\tif (pmk && pwd) {\n+\t\tif ((pmk && pwd) || (pmk && pwd_hex) || (pwd && pwd_hex)) {\n \t\t\twpa_printf(MSG_INFO,\n-\t\t\t\t   \"NAN: Specify only one of password or pmk\");\n+\t\t\t\t   \"NAN: Specify only one of password, pwd_hex or pmk\");\n \t\t\tgoto fail;\n \t\t}\n \n-\t\tif (wpas_nan_fill_nd_pmk(wpa_s, &ndp, handle,\n-\t\t\t\t\t publisher_nmi, pwd, pmk) < 0) {\n+\t\tif (pwd_hex) {\n+\t\t\tpwd_decoded = wpas_nan_parse_password_hex(pwd_hex);\n+\t\t\tif (!pwd_decoded)\n+\t\t\t\tgoto fail;\n+\t\t}\n+\n+\t\tif (wpas_nan_fill_nd_pmk(wpa_s, &ndp, handle, publisher_nmi,\n+\t\t\t\t\t pwd_decoded ? pwd_decoded : pwd, pmk) < 0) {\n \t\t\twpa_printf(MSG_INFO, \"NAN: Failed to derive NDP PMK\");\n \t\t\tgoto fail;\n \t\t}\n@@ -3019,6 +3080,7 @@ fail:\n \twpabuf_free(ndp.sched.elems);\n \twpabuf_free(ssi_buf);\n \tos_free(ndp.interface_id);\n+\tos_free(pwd_decoded);\n \n \treturn ret;\n }\n","prefixes":["91/97"]}