{"id":2226385,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2226385/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-39-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.2/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260422122424.43776-39-andrei.otcheretianski@intel.com>","list_archive_url":null,"date":"2026-04-22T12:23:29","name":"[38/92] wpa_supplicant: Store NIK received after pairing","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"1ad4f645ab8785f6c27a9282003dfcab95712d32","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.2/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-39-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501001,"url":"http://patchwork.ozlabs.org/api/1.2/series/501001/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501001","date":"2026-04-22T12:23:05","name":"Add NAN PASN pairing support","version":1,"mbox":"http://patchwork.ozlabs.org/series/501001/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2226385/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2226385/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=2lpn+LHX;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=S4TsRpF7;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0z5B6LsDz1yHB\n\tfor ; Wed, 22 Apr 2026 22:27:42 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWfe-0000000A5f0-24Vw;\n\tWed, 22 Apr 2026 12:27:10 +0000","from mgamail.intel.com ([192.198.163.17])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWeF-0000000A3P1-07XG\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:25:56 +0000","from orviesa010.jf.intel.com ([10.64.159.150])\n by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:25:36 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:25:36 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=s1+smj2O5V4mgjxa1rmH59eSKEKvLxNBeAQ6dFJGXaQ=; b=2lpn+LHX9NZF6J\n\t13rPgjvsWmS/sclNGET+5zjPJ2Vy5qSCWL7C6YjBREmSeweIuf4FSBKluTfyMsiMMOGQVXVk23KMT\n\t6hbWJytUj8vU3JSN/ILVJTzUiP8NHR6c28eVy6hsSREzpNGiJ+g66HTDH7C4f7d+rX1m4nY/nrtC8\n\txcDU+oikryTJvExyxIPZdu4tEOqQroRI+zHQUeGll5KEDL16FlUs60QDq8LXRf9x4J+LbW0GEsppA\n\tlnUdpSBZPm/ynycXOFq6VTh4CuAp3Mts8dWQh6+vjlGmFN+sfJscrK95cwzZMp2gpgCuH4A8T4vvF\n\t66FoCJwyAjmQj9zfAY9A==;","v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1776860743; x=1808396743;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=3qusLLdbIdtzy5DjH5BnHqCkTMfkKE5YKUiki+Ql7kU=;\n b=S4TsRpF7KVbphqthwLMJA6XhEEGkjQojESnDVyNoOPoWMkeN5CZa/rQ/\n vt7eAQ7NBceLVKOCwohsf0to5DVWay/yw6gFfzReUfV5uSQ4Q2Suw74pD\n 22j59ivA6kHWLeyFlSkHFZMCdk/LDrbCqzGHEInof362FxMoJVBSf3hK5\n 8eVT8CbqEXZCgeW70H1kndeelRCLH8Z9en0FAsE4vM+0z/jhGY2+fJkpo\n s6XuGHNqZ4aIqrp99fTpEqeepyUcsTyRDH5yIZGKNF51kV1KGIDhpM2/F\n HLFE5N2RM1CrqhwQQ+R6LsGbp/NCDNPu9yD0stVLwF8Y7VescWHUHG1ZK\n Q==;"],"X-CSE-ConnectionGUID":["MCYQk3H1SGSLo0IZOKe6dg==","R0kV4rUzRaeG2dE+2YH9Xg=="],"X-CSE-MsgGUID":["SXfdJi45SyCo/Js9lVh7cA==","ef9xs8AvSM2R2GHu28ebcw=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11764\"; a=\"77687331\"","E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"77687331\"","E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"231445018\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski ","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern ","Subject":"[PATCH 38/92] wpa_supplicant: Store NIK received after pairing","Date":"Wed, 22 Apr 2026 15:23:29 +0300","Message-ID":"<20260422122424.43776-39-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","References":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260422_052543_212298_27C4396B ","X-CRM114-Status":"GOOD ( 15.63 )","X-Spam-Score":"-4.4 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: From: Avraham Stern When the NIK\n and NPK are reported,\n store them in the device identities database. Signed-off-by:\n Avraham Stern --- wpa_supplicant/config.h | 5\n +++\n wpa_supplicant/nan_supplicant.c | 65 +++++++++++++++++++++++++++++++++ 2\n files changed, 70 insertions(+)\n Content analysis details: (-4.4 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,\n medium trust\n [192.198.163.17 listed in list.dnswl.org]\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS SPF: sender matches SPF record\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's\n domain\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.0 DKIMWL_WL_HIGH DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" ","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Avraham Stern \n\nWhen the NIK and NPK are reported, store them in the device identities\ndatabase.\n\nSigned-off-by: Avraham Stern \n---\n wpa_supplicant/config.h | 5 +++\n wpa_supplicant/nan_supplicant.c | 65 +++++++++++++++++++++++++++++++++\n 2 files changed, 70 insertions(+)","diff":"diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h\nindex b3f7cd0624..9a22cdcb6c 100644\n--- a/wpa_supplicant/config.h\n+++ b/wpa_supplicant/config.h\n@@ -456,6 +456,11 @@ struct wpa_dev_ik {\n \t * pmkid - PMKID used in the previous connection with the device\n \t */\n \tstruct wpabuf *pmkid;\n+\n+\t/**\n+\t * akmp - AKMP suite used in the previous connection with the device\n+\t */\n+\tint akmp;\n };\n \n \ndiff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c\nindex 68605d65b6..748c2ccdae 100644\n--- a/wpa_supplicant/nan_supplicant.c\n+++ b/wpa_supplicant/nan_supplicant.c\n@@ -892,6 +892,70 @@ static int wpas_nan_pasn_auth_status_cb(void *ctx, const u8 *peer_addr,\n \n \treturn 0;\n }\n+\n+\n+static int wpas_nan_update_pairing_credentials_cb(void *ctx, const u8 *nik,\n+\t\t\t\t\t\t size_t nik_len,\n+\t\t\t\t\t\t int cipher_ver,\n+\t\t\t\t\t\t int nik_lifetime, int akmp,\n+\t\t\t\t\t\t u8 *npk, size_t npk_len)\n+{\n+\tstruct wpa_supplicant *wpa_s = ctx;\n+\tstruct wpa_dev_ik *ik;\n+\n+\tif (!nik || cipher_ver != NAN_NIRA_CIPHER_VER_128 ||\n+\t nik_len != NAN_NIK_LEN || !npk || !npk_len) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Invalid NIK/NPK parameters\");\n+\t\treturn -1;\n+\t}\n+\n+\twpa_hexdump_key(MSG_DEBUG, \"NAN: Received NIK\", nik, nik_len);\n+\twpa_printf(MSG_DEBUG, \"NAN: NIK lifetime=%d cipher_ver=%d\",\n+\t\t nik_lifetime, cipher_ver);\n+\n+\t/* Check if an identity with the same NIK already exists */\n+\tfor (ik = wpa_s->conf->identity; ik; ik = ik->next) {\n+\t\tif (nik_len == wpabuf_len(ik->dik) &&\n+\t\t os_memcmp(nik, wpabuf_head(ik->dik), nik_len) == 0) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t \"NAN: Remove previous device identity entry for matching NIK\");\n+\t\t\twpa_config_remove_identity(wpa_s->conf, ik->id);\n+\t\t\tbreak;\n+\t\t}\n+\t}\n+\n+\t/* Create a new device identity entry */\n+\twpa_printf(MSG_DEBUG,\n+\t\t \"NAN: Create a new device identity entry for NIK\");\n+\tik = wpa_config_add_identity(wpa_s->conf);\n+\tif (!ik) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Failed to allocate identity\");\n+\t\treturn -1;\n+\t}\n+\n+\t/* Store the NIK as the DIK */\n+\tik->dik = wpabuf_alloc_copy(nik, nik_len);\n+\tif (!ik->dik)\n+\t\tgoto fail;\n+\n+\t/* Store the NPK as the PMK */\n+\tik->pmk = wpabuf_alloc_copy(npk, npk_len);\n+\tif (!ik->pmk)\n+\t\tgoto fail;\n+\n+\t/* Store cipher version and AKMP */\n+\tik->dik_cipher = cipher_ver;\n+\tik->akmp = akmp;\n+\n+\twpa_printf(MSG_INFO, \"NAN: Stored NIK as device identity (id=%d)\",\n+\t\t ik->id);\n+\treturn ik->id;\n+\n+fail:\n+\twpa_printf(MSG_DEBUG, \"NAN: Failed to store NIK as device identity\");\n+\twpa_config_remove_identity(wpa_s->conf, ik->id);\n+\treturn -1;\n+}\n #endif /* CONFIG_PASN */\n \n \n@@ -916,6 +980,7 @@ int wpas_nan_init(struct wpa_supplicant *wpa_s)\n #ifdef CONFIG_PASN\n \tnan.send_pasn = wpas_nan_pasn_send_cb;\n \tnan.pairing_result_cb = wpas_nan_pasn_auth_status_cb;\n+\tnan.update_pairing_credentials = wpas_nan_update_pairing_credentials_cb;\n #endif /* CONFIG_PASN */\n \n \t/* NDP */\n","prefixes":["38/92"]}