{"id":2226359,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2226359/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-12-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.2/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260422122424.43776-12-andrei.otcheretianski@intel.com>","list_archive_url":null,"date":"2026-04-22T12:23:02","name":"[11/92] NAN: Add a function for deriving NIRA's tag from NIK","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"d8bb96a0a850d7d5b8b7ce75aedc1585e8f8f4b9","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.2/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-12-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501001,"url":"http://patchwork.ozlabs.org/api/1.2/series/501001/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501001","date":"2026-04-22T12:23:05","name":"Add NAN PASN pairing support","version":1,"mbox":"http://patchwork.ozlabs.org/series/501001/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2226359/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2226359/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=XQbyDMyx;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=kIVJq0x2;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0z2h6J3qz23Zd\n\tfor ; Wed, 22 Apr 2026 22:25:30 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWdU-0000000A2WH-1t0q;\n\tWed, 22 Apr 2026 12:24:56 +0000","from mgamail.intel.com ([192.198.163.17])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWdQ-0000000A2S6-1lAi\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:24:55 +0000","from orviesa010.jf.intel.com ([10.64.159.150])\n by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:24:52 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:24:51 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=JeSXqFkzwDvP59l6ph7UjpIdUg3rC7gNp95oUK8ZEq0=; b=XQbyDMyxQcEEXA\n\tyXKTGnfxKwGf/sMQvVWBNzQzwj0TjXbe+aJATgSSzuL26utMZ57SmKA06z16tr68l4W0/ky6Cdbew\n\ts8j+WIq9iVU+o32RT9flLpZZFaKaJ2RXRwaEApRgMAEhskabqVOJv800vDPFdzmapjf5Mz9E8HoZQ\n\tTVtOoxgX8bNlXV3Oyax8jrmBKTAsQBWFXPQY6d4IU0p4S17t3qRwuL7BTKjY9i+czJQTSfKF89fM1\n\t5H32MBJ1ILMNmBn+mVU1aatRytjTPiVCIaQFHqZfglgTEb/nfraHltCuIu9S0pn51TNgt0THGljtc\n\tLDihW7DkEJZLlXT0+z3Q==;","v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1776860692; x=1808396692;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=zCnLHifu2zwIn767NGjGlPg2bs2ENsbIgNEd0Z3xgHI=;\n b=kIVJq0x2e+rqtHmGcQvJH87958/iBRsrGzQ4CP90970MZ/oa8tf0+SA1\n Ko1bgaruzU0dfUP7QW7Md58UeM4sM5WwNKH8712w2Plp2C6ReEqAUNo4/\n W0852OUT/1XDjbUG4p4LwYrasLEgMG1zWeYTVBA/syKpnTX8BT/2ISnRT\n TrQ4+LIo7W3X0gkby0NpByrnrW1sL+kWIbNRepZjbBGPW8yNaUhE/C24A\n d1hrNsiL21ht5L+/+FTucc+bH2zuD2W8sKU+zPKC/7Tg0S92tXo9xltrm\n P+uORp9qQVaY2aykDy1BCxw34J9ERGyeEXHq4sOoG89e3CDeYJT29MX7Z\n A==;"],"X-CSE-ConnectionGUID":["fAw4COmISl+cIfpZjW/EyA==","FrbmlWwjTu+JIQzBDXUBuQ=="],"X-CSE-MsgGUID":["z10ME39qRGSwSXpis+w7Pg==","1IRbVoDnSnmgXMRNjngWGw=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11764\"; a=\"77687152\"","E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"77687152\"","E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"231444875\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski ","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern ","Subject":"[PATCH 11/92] NAN: Add a function for deriving NIRA's tag from NIK","Date":"Wed, 22 Apr 2026 15:23:02 +0300","Message-ID":"<20260422122424.43776-12-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","References":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260422_052454_026831_14052FC2 ","X-CRM114-Status":"GOOD ( 13.45 )","X-Spam-Score":"-4.4 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: From: Avraham Stern Add a\n function\n to derive the corresponding tag for a given NIK,\n NMI address and nonce. Signed-off-by:\n Avraham Stern --- src/common/nan_defs.h | 6\n +++++\n src/nan/nan.h | 3 +++ src/nan/nan_crypto.c | 58\n +++++++++++++++++++++++++++++++++++++++++++\n 3 files changed, [...]\n Content analysis details: (-4.4 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,\n medium trust\n [192.198.163.17 listed in list.dnswl.org]\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS SPF: sender matches SPF record\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's\n domain\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.0 DKIMWL_WL_HIGH DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" ","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Avraham Stern \n\nAdd a function to derive the corresponding tag for a given NIK,\nNMI address and nonce.\n\nSigned-off-by: Avraham Stern \n---\n src/common/nan_defs.h | 6 +++++\n src/nan/nan.h | 3 +++\n src/nan/nan_crypto.c | 58 +++++++++++++++++++++++++++++++++++++++++++\n 3 files changed, 67 insertions(+)","diff":"diff --git a/src/common/nan_defs.h b/src/common/nan_defs.h\nindex dcb2f76d6b..48a3bcf493 100644\n--- a/src/common/nan_defs.h\n+++ b/src/common/nan_defs.h\n@@ -558,4 +558,10 @@ struct nan_shared_key {\n #define NAN_DEV_CAPA_EXT_INFO_1_PAIRING_SETUP BIT(0)\n #define NAN_DEV_CAPA_EXT_INFO_1_NPK_NIK_CACHING BIT(1)\n \n+#define NAN_NIRA_NONCE_LEN\t8\n+#define NAN_NIRA_TAG_LEN\t8\n+#define NAN_NIRA_STR_LEN\t3\n+#define NAN_NIRA_CIPHER_VER_128\t0\n+#define NAN_NIK_LEN\t\t16\n+\n #endif /* NAN_DEFS_H */\ndiff --git a/src/nan/nan.h b/src/nan/nan.h\nindex f012d43638..b2cafdb3f5 100644\n--- a/src/nan/nan.h\n+++ b/src/nan/nan.h\n@@ -659,6 +659,9 @@ int nan_set_bootstrap_configuration(struct nan_data *nan,\n \t\t\t\t u16 supported_bootstrap_methods,\n \t\t\t\t u16 auto_accept_bootstrap_methods,\n \t\t\t\t u16 bootstrap_comeback_timeout);\n+struct wpabuf *nan_crypto_derive_nira_tag(const u8 *nik, size_t nik_len,\n+\t\t\t\t\t const u8 *nmi_addr,\n+\t\t\t\t\t const u8 *nira_nonce);\n #ifdef CONFIG_PASN\n int nan_pairing_add_attrs(struct nan_data *nan_data, struct wpabuf *buf);\n #else\ndiff --git a/src/nan/nan_crypto.c b/src/nan/nan_crypto.c\nindex 5e5764a0f7..421e271010 100644\n--- a/src/nan/nan_crypto.c\n+++ b/src/nan/nan_crypto.c\n@@ -309,3 +309,61 @@ int nan_crypto_derive_nd_pmk(const char *pwd, const u8 *service_id,\n \t\treturn -1;\n \t}\n }\n+\n+/**\n+ * nan_crypto_derive_nira_tag - Derive NIRA tag\n+ *\n+ * @nik: NAN Identity Key\n+ * @nik_len: Length of &nik\n+ * @nmi_addr: NAN Management Interface address (6 bytes)\n+ * @nira_nonce: NIRA nonce (8 bytes)\n+ * Returns: wpabuf containing the derived tag (8 bytes) or %NULL on failure\n+ *\n+ * Derives a NIRA tag for cipher version 0 using HMAC-SHA-256:\n+ * Tag = Truncate-64(HMAC-SHA-256(NIK, \"NIR\" || NMI Address || Nonce))\n+ * The caller is responsible for freeing the returned wpabuf using\n+ * wpabuf_free().\n+ */\n+struct wpabuf *nan_crypto_derive_nira_tag(const u8 *nik, size_t nik_len,\n+\t\t\t\t\t const u8 *nmi_addr,\n+\t\t\t\t\t const u8 *nira_nonce)\n+{\n+\tu8 data[NAN_NIRA_STR_LEN + ETH_ALEN + NAN_NIRA_NONCE_LEN];\n+\tu8 tag[SHA256_MAC_LEN];\n+\tstruct wpabuf *tag_buf;\n+\n+\tif (!nik || nik_len != NAN_NIK_LEN) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: Invalid NIK for tag derivation (len=%zu)\",\n+\t\t\t nik ? nik_len : 0);\n+\t\treturn NULL;\n+\t}\n+\n+\tif (!nmi_addr || !nira_nonce) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: Invalid parameters for tag derivation\");\n+\t\treturn NULL;\n+\t}\n+\n+\t/* Construct data: \"NIR\" || NMI Address || Nonce */\n+\tos_memcpy(data, \"NIR\", NAN_NIRA_STR_LEN);\n+\tos_memcpy(&data[NAN_NIRA_STR_LEN], nmi_addr, ETH_ALEN);\n+\tos_memcpy(&data[NAN_NIRA_STR_LEN + ETH_ALEN], nira_nonce,\n+\t\t NAN_NIRA_NONCE_LEN);\n+\n+\t/* Compute HMAC-SHA-256(NIK, data) */\n+\tif (hmac_sha256(nik, NAN_NIK_LEN, data, sizeof(data), tag) < 0) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Failed to compute HMAC for tag\");\n+\t\treturn NULL;\n+\t}\n+\n+\ttag_buf = wpabuf_alloc_copy(tag, NAN_NIRA_TAG_LEN);\n+\tif (!tag_buf)\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Failed to allocate tag buffer\");\n+\telse\n+\t\twpa_hexdump(MSG_DEBUG, \"NAN: Derived NIRA tag\",\n+\t\t\t wpabuf_head(tag_buf), wpabuf_len(tag_buf));\n+\n+\tforced_memzero(tag, sizeof(tag));\n+\treturn tag_buf;\n+}\n","prefixes":["11/92"]}