{"id":2226416,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2226416/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-66-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.2/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260422122424.43776-66-andrei.otcheretianski@intel.com>","list_archive_url":null,"date":"2026-04-22T12:23:56","name":"[65/92] NAN: Add the option to set the NIK and its lifetime","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"375e459334bf79d2add8680c7c8464e32e40542d","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.2/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-66-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501001,"url":"http://patchwork.ozlabs.org/api/1.2/series/501001/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501001","date":"2026-04-22T12:23:05","name":"Add NAN PASN pairing support","version":1,"mbox":"http://patchwork.ozlabs.org/series/501001/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2226416/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2226416/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=uIv1B0T1;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=JuY6dQTr;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0z8R05Ffz1y2d\n\tfor ; Wed, 22 Apr 2026 22:30:31 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWiN-0000000A9SA-2n5S;\n\tWed, 22 Apr 2026 12:29:59 +0000","from mgamail.intel.com ([192.198.163.17])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWfU-0000000A34C-0mFK\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:27:10 +0000","from orviesa010.jf.intel.com ([10.64.159.150])\n by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:26:20 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:26:19 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=kGghSx4xpuYkHbTAke5rCbiM/GWsI25qbblPOTdxPOw=; b=uIv1B0T13jDtpg\n\tVzc+OR70KUUDlJ0BYRGvCSwzag+NnTnh89wj4gMg1vu/go+Rauqo1RuoVfiMmWC3kZujR/8xJQ0pD\n\t/sRKGXj/3AX8jhBS2fQ9teBT2VlNae1E/ObI2ye6HU+NzEjbxtjH2HWEgygw4xgn3CvpA5Q+awPEW\n\tsnIVKLpKetWKr3czkMDUwr679XUvtfNDiD/gxqeBz0UPgQAFnONQhmp72vE089gdlrpHD5UkvGKSp\n\t1NmBQBRBJU+eLT5EZ1tbytJ2D3GOj0qfI8ARevWjujU6G1NgsiA1p2lTHFDbjnMJMrs3MQLwe7z7j\n\tfRQm6rBNdj0pMiiYZnqA==;","v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1776860820; x=1808396820;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=XhBz6GiFSSaFyU3ms8RFuQ2WJeRD2pTCzJF7VNWbF40=;\n b=JuY6dQTr0+oo09hoTapAQ/mTlm44syvw8L+g6shxeqbkDk4E33DrJZYp\n yfCReOT8tl3Xc+iWY0pkOJagtTmSSsaSx0G5DA6WDj2PiQ2MQRk/NG2SP\n 4mm/SvElziQV/0eB0l5HFI8ZY4+rcFwe3GuMvCFmD49KECz+Hgn/LT24J\n zruIeGOftAoww9BB3obDKD7CD4T+hpi9YLzByEDbUAt025Sz7j23V0CTA\n 1RRuA6SlZFsLn3fMeOPLdh03+78nQ1hQsmKiWDSbD9FXaHrgZut9l6EOL\n y9ZeAmRUay4KJfrtnTpQsCWv2iedAR2KRIB4ht8eaJI/HmaB134225CVQ\n w==;"],"X-CSE-ConnectionGUID":["lhQ/RjnATfKhZDB8AHFSzA==","Lwx04F0DRAa0nt+1lzB+8g=="],"X-CSE-MsgGUID":["qDnyESLmSDunIRhdts9YdA==","SC4h4LwKQKaIzlwlOO4Q3A=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11764\"; a=\"77687489\"","E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"77687489\"","E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"231445194\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski ","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAvraham Stern ","Subject":"[PATCH 65/92] NAN: Add the option to set the NIK and its lifetime","Date":"Wed, 22 Apr 2026 15:23:56 +0300","Message-ID":"<20260422122424.43776-66-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","References":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260422_052700_369694_297A6A67 ","X-CRM114-Status":"GOOD ( 10.87 )","X-Spam-Score":"-4.4 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: From: Avraham Stern Add the\n option\n to set the NIK and the NIK lifetime. Signed-off-by: Avraham Stern\n \n --- src/nan/nan.h | 2 ++ src/nan/nan_pairing.c | 42\n +++++++++++++++++++++++++++++++++\n wpa_supplicant/nan_supplicant.c | 23 ++++++++++++++++++ 3 f [...]\n Content analysis details: (-4.4 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,\n medium trust\n [192.198.163.17 listed in list.dnswl.org]\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS SPF: sender matches SPF record\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's\n domain\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.0 DKIMWL_WL_HIGH DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" ","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Avraham Stern \n\nAdd the option to set the NIK and the NIK lifetime.\n\nSigned-off-by: Avraham Stern \n---\n src/nan/nan.h | 2 ++\n src/nan/nan_pairing.c | 42 +++++++++++++++++++++++++++++++++\n wpa_supplicant/nan_supplicant.c | 23 ++++++++++++++++++\n 3 files changed, 67 insertions(+)","diff":"diff --git a/src/nan/nan.h b/src/nan/nan.h\nindex 0a8629fad4..ab50545732 100644\n--- a/src/nan/nan.h\n+++ b/src/nan/nan.h\n@@ -740,6 +740,8 @@ int nan_pairing_set_pairing_setup(struct nan_data *nan_data, bool value);\n int nan_pairing_set_npk_caching(struct nan_data *nan_data, bool value);\n int nan_pairing_set_pairing_verification(struct nan_data *nan_data, bool value);\n int nan_pairing_set_cipher_suites(struct nan_data *nan_data, u32 value);\n+int nan_pairing_set_nik(struct nan_data *nan, const u8 *nik, size_t nik_len);\n+int nan_pairing_set_nik_lifetime(struct nan_data *nan, u32 lifetime);\n bool nan_pairing_is_peer_paired(struct nan_data *nan_data, const u8 *peer_addr);\n #else\n static inline int nan_pairing_add_attrs(struct nan_data *nan_data,\ndiff --git a/src/nan/nan_pairing.c b/src/nan/nan_pairing.c\nindex 848b5ef928..0e2e87d039 100644\n--- a/src/nan/nan_pairing.c\n+++ b/src/nan/nan_pairing.c\n@@ -1382,6 +1382,48 @@ int nan_pairing_set_cipher_suites(struct nan_data *nan, u32 value)\n }\n \n \n+int nan_pairing_set_nik(struct nan_data *nan, const u8 *nik, size_t nik_len)\n+{\n+\tu8 nonce[NAN_NIRA_NONCE_LEN];\n+\tu8 tag[NAN_NIRA_TAG_LEN];\n+\n+\tif (!nik || nik_len != NAN_NIK_LEN) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Pairing: Invalid NIK (len=%zu)\",\n+\t\t\t nik_len);\n+\t\treturn -1;\n+\t}\n+\n+\tif (nan->cfg->pairing_cfg.pairing_verification &&\n+\t nan_nira_get_tag_nonce(nan->cfg, nonce, tag) < 0) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Failed to set NIRA for new NIK\");\n+\t\treturn -1;\n+\t}\n+\n+\tos_memcpy(nan->cfg->nik, nik, NAN_NIK_LEN);\n+\tos_memcpy(nan->nira_nonce, nonce, NAN_NIRA_NONCE_LEN);\n+\tos_memcpy(nan->nira_tag, tag, NAN_NIRA_TAG_LEN);\n+\n+\twpa_hexdump_key(MSG_DEBUG, \"NAN: new NIK\", nan->cfg->nik, NAN_NIK_LEN);\n+\treturn 0;\n+}\n+\n+\n+int nan_pairing_set_nik_lifetime(struct nan_data *nan, u32 lifetime)\n+{\n+\tif (!lifetime) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: Pairing: Invalid NIK lifetime (%u)\",\n+\t\t\t lifetime);\n+\t\treturn -1;\n+\t}\n+\n+\tnan->cfg->nik_lifetime = lifetime;\n+\twpa_printf(MSG_DEBUG, \"NAN: SET: NIK lifetime: %u seconds\",\n+\t\t lifetime);\n+\treturn 0;\n+}\n+\n+\n bool nan_pairing_is_peer_paired(struct nan_data *nan_data, const u8 *peer_addr)\n {\n \tstruct nan_peer *peer;\ndiff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c\nindex c58e18016e..1f7578ac45 100644\n--- a/wpa_supplicant/nan_supplicant.c\n+++ b/wpa_supplicant/nan_supplicant.c\n@@ -1354,6 +1354,29 @@ int wpas_nan_set(struct wpa_supplicant *wpa_s, char *cmd)\n #undef NAN_PARSE_PAIRING_BOOL\n #undef NAN_PARSE_PAIRING_INT\n \n+\tif (os_strcmp(\"nik\", cmd) == 0) {\n+\t\tu8 nik[NAN_NIK_LEN];\n+\n+\t\t/* Parse NIK value (hex string) */\n+\t\tif (hexstr2bin(param, nik, NAN_NIK_LEN) < 0) {\n+\t\t\twpa_printf(MSG_DEBUG, \"NAN: Invalid NIK format\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\treturn nan_pairing_set_nik(wpa_s->nan, nik, NAN_NIK_LEN);\n+\t}\n+\n+\tif (os_strcmp(\"nik_lifetime\", cmd) == 0) {\n+\t\tu32 lifetime = atoi(param);\n+\n+\t\tif (lifetime == 0) {\n+\t\t\twpa_printf(MSG_DEBUG, \"NAN: Invalid NIK lifetime\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\treturn nan_pairing_set_nik_lifetime(wpa_s->nan, lifetime);\n+\t}\n+\n \twpa_printf(MSG_INFO, \"NAN: Unknown NAN_SET cmd='%s'\", cmd);\n \treturn -1;\n }\n","prefixes":["65/92"]}