{"id":2226399,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2226399/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-53-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.2/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260422122424.43776-53-andrei.otcheretianski@intel.com>","list_archive_url":null,"date":"2026-04-22T12:23:43","name":"[52/92] wpa_supplicant: Add nd_pmk parameter to NAN_PUBLISH command","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"03118987cbe97e3d21f715ed04ceb4481445ed1a","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.2/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-53-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501001,"url":"http://patchwork.ozlabs.org/api/1.2/series/501001/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501001","date":"2026-04-22T12:23:05","name":"Add NAN PASN pairing support","version":1,"mbox":"http://patchwork.ozlabs.org/series/501001/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2226399/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2226399/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=j/wHr+ZO;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n secure) header.d=infradead.org header.i=@infradead.org header.a=rsa-sha256\n header.s=desiato.20200630 header.b=YwboA3ge;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=HNHeF9k2;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0z6m1jtmz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 22:29:04 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWgx-0000000A7VD-3VC7;\n\tWed, 22 Apr 2026 12:28:31 +0000","from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWfL-0000000A5Gm-1E36\n\tfor hostap@bombadil.infradead.org;\n\tWed, 22 Apr 2026 12:26:51 +0000","from mgamail.intel.com ([192.198.163.17])\n\tby desiato.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWfD-0000000BKjs-2ph7\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:26:49 +0000","from orviesa010.jf.intel.com ([10.64.159.150])\n  by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:25:59 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n  by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:25:58 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=f3hE4YINl+UpodrBBH9cOE9Pqg78Q2wcLANFEIFViqs=; b=j/wHr+ZO21XHD+\n\tQjpYcPzib2bpXiUoRETbZOxGOLQ1GU9zdzOjjx8nOqhBeFS7ZX1Rko/RluWEU/tDzflimrp1B3+sc\n\tBOU4eO3VQIi2NH46YgDjSpttTdl5qLvZ3jrHb/NGYe62xPGChTKkeEAoKcxJRIxuF2nibzGHshjPH\n\tPIHiMfDwvf2uN0lzzNF2XdE4u5aNosc8QGOARWhLv7ve5WU13cFLndPPdkKj9bCali9Jhv1colLbb\n\tXxDR2Pjr+aWRbpnCia+YDM/oC25/KTBHZG4ZbfRvMoRvR1bbSMP2i5BNOIG/XRBgPZ832/VzAB/zZ\n\tM60rcT1obV0K7nBSuxFw==;","v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=infradead.org; s=desiato.20200630; h=Content-Transfer-Encoding:MIME-Version\n\t:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:\n\tContent-Type:Content-ID:Content-Description;\n\tbh=QvOYKFQVJ7K0CJEMMUaFjb0LlTJcYxNFqdu3LK+OzyE=; b=YwboA3geXwggXD4tZ7xMtxj0CJ\n\t7xnAb5SawxWCbrgDqg1RJRlN8FQDgrPJU6pGPsIYfS7qSoBvLFVDiXsTN/aG+pbTeiqqlUuyuxvac\n\tAlb0S4gZpCtwnI/FhMc5ugCrFSvy2Lw17/mi9RdiBm/bOnde09ftHI5IScwWkjfkI/oMZeKu3mx/X\n\tNZa+IiV3xY2ZtIJYpvauaxzJBDb8AQo7Y3sOei575FwkisuM6td+8xiJC9YCkOHl/Cr8nfcht8/C3\n\t3kCLFyhZztkXK3Pzo+lMOI0au96d0X3cXsBN9TH8soLV6GRPnoQRUI+c2QSICV53nbi9gWIDGVZyI\n\tkKlsjpPg==;","v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1776860803; x=1808396803;\n  h=from:to:cc:subject:date:message-id:in-reply-to:\n   references:mime-version:content-transfer-encoding;\n  bh=JO6rzXZMXW/rz352Umuosk2gg16DymPFrRENNLFVkDA=;\n  b=HNHeF9k2YPkcpoOd84gDD7aQGkmkHnJztJOvcJpEzP1mmvaN+AZo1vaz\n   +CGoJHhVa8vU9gWizgiEkiJixqMmCSjFsLrMROskUkLy7kNNALOlIe5DL\n   X44dxINvh6qhDRwmX5acABy5WGGo/soQGb0Kd7pGQI1w779lmC4bEZIe2\n   zwRCDgoX/dwsGwyGK7yqewdPUoMCRze1NnpbVCfMny59GpCZdTluJChps\n   LuePqQlzj/s+jR66OVrLgm8hIcTtxqO7C4sa+mILgrLTnYp8FVsTTAkyi\n   1Wx1pUqXRTt2JV54V2MN2WKoo9PG8W53W4W3OaZOsJesokFYW/IV3U6l4\n   g==;"],"X-CSE-ConnectionGUID":["Bn6K+XbXSzWHR817LbTJXw==","3O/uBnSeR4GEGJjGcTEPCw=="],"X-CSE-MsgGUID":["tScRWcG7RbKWjgtElVejng==","fTpvVVLOTkqK9/GPlnueyw=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11764\"; a=\"77687407\"","E=Sophos;i=\"6.23,192,1770624000\";\n   d=\"scan'208\";a=\"77687407\"","E=Sophos;i=\"6.23,192,1770624000\";\n   d=\"scan'208\";a=\"231445106\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski <andrei.otcheretianski@intel.com>","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern <avraham.stern@intel.com>","Subject":"[PATCH 52/92] wpa_supplicant: Add nd_pmk parameter to NAN_PUBLISH\n command","Date":"Wed, 22 Apr 2026 15:23:43 +0300","Message-ID":"<20260422122424.43776-53-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","References":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260422_132644_040400_25AA5995 ","X-CRM114-Status":"GOOD (  10.38  )","X-Spam-Score":"-2.5 (--)","X-Spam-Report":"Spam detection software,\n running on the system \"desiato.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  From: Avraham Stern <avraham.stern@intel.com> Allow\n specifying\n    a NAN Data Path PMK (ND-PMK) in the NAN_PUBLISH command. When provided\n along\n    with cipher_suites,\n PMKIDs will be derived for each cipher suite and included\n    in the Security Context Info [...]\n Content analysis details:   (-2.5 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [192.198.163.17 listed in list.dnswl.org]\n -0.0 SPF_PASS               SPF: sender matches SPF record\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n -0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<hostap.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/hostap/>","List-Post":"<mailto:hostap@lists.infradead.org>","List-Help":"<mailto:hostap-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" <hostap-bounces@lists.infradead.org>","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Avraham Stern <avraham.stern@intel.com>\n\nAllow specifying a NAN Data Path PMK (ND-PMK) in the NAN_PUBLISH\ncommand. When provided along with cipher_suites, PMKIDs will be\nderived for each cipher suite and included in the Security Context\nInformation attribute in publish messages.\n\nThe nd_pmk parameter expects a hex string of length 32 bytes (64 hex\ncharacters).\n\nExample usage:\nNAN_PUBLISH service_name=test cipher_suites=1,2 \\\nnd_pmk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n\nSigned-off-by: Avraham Stern <avraham.stern@intel.com>\n---\n wpa_supplicant/ctrl_iface.c | 21 +++++++++++++++++++++\n 1 file changed, 21 insertions(+)","diff":"diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c\nindex 5570df81c6..78a86f8c89 100644\n--- a/wpa_supplicant/ctrl_iface.c\n+++ b/wpa_supplicant/ctrl_iface.c\n@@ -12779,6 +12779,7 @@ static int wpas_ctrl_nan_publish(struct wpa_supplicant *wpa_s, char *cmd,\n \tenum nan_service_protocol_type srv_proto_type = 0;\n \tint *freq_list = NULL;\n \tint *cipher_list = NULL;\n+\tu8 nd_pmk[PMK_LEN];\n \tbool p2p = false;\n \n \tos_memset(&params, 0, sizeof(params));\n@@ -12904,6 +12905,23 @@ static int wpas_ctrl_nan_publish(struct wpa_supplicant *wpa_s, char *cmd,\n \t\t\tcontinue;\n \t\t}\n \n+\t\tif (os_strncmp(token, \"nd_pmk=\", 7) == 0) {\n+\t\t\tif (params.nd_pmk) {\n+\t\t\t\twpa_printf(MSG_INFO,\n+\t\t\t\t\t   \"CTRL: Duplicate nd_pmk parameter\");\n+\t\t\t\tgoto fail;\n+\t\t\t}\n+\n+\t\t\tif (hexstr2bin(token + 7, nd_pmk, PMK_LEN) < 0) {\n+\t\t\t\twpa_printf(MSG_INFO,\n+\t\t\t\t\t   \"CTRL: Invalid nd_pmk value\");\n+\t\t\t\tgoto fail;\n+\t\t\t}\n+\n+\t\t\tparams.nd_pmk = nd_pmk;\n+\t\t\tcontinue;\n+\t\t}\n+\n \t\twpa_printf(MSG_INFO, \"CTRL: Invalid NAN_PUBLISH parameter: %s\",\n \t\t\t   token);\n \t\tgoto fail;\n@@ -12914,6 +12932,9 @@ static int wpas_ctrl_nan_publish(struct wpa_supplicant *wpa_s, char *cmd,\n \tif (publish_id > 0)\n \t\tret = os_snprintf(buf, buflen, \"%d\", publish_id);\n fail:\n+\tif (params.nd_pmk)\n+\t\tforced_memzero(nd_pmk, PMK_LEN);\n+\n \twpabuf_free(ssi);\n \tos_free(freq_list);\n \tos_free(cipher_list);\n","prefixes":["52/92"]}