{"id":2226438,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2226438/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-90-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/1.2/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260422122424.43776-90-andrei.otcheretianski@intel.com>","list_archive_url":null,"date":"2026-04-22T12:24:20","name":"[89/92] NAN: Support NDP establishment with PASN cipher suites","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"274dce773e6d7a7d626c474923f1b60252639902","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/1.2/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-90-andrei.otcheretianski@intel.com/mbox/","series":[{"id":501001,"url":"http://patchwork.ozlabs.org/api/1.2/series/501001/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=501001","date":"2026-04-22T12:23:05","name":"Add NAN PASN pairing support","version":1,"mbox":"http://patchwork.ozlabs.org/series/501001/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2226438/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2226438/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=sJwaSKuP;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=kgBgbBhq;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0zBh53JWz1y2d\n\tfor ; Wed, 22 Apr 2026 22:32:28 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWkD-0000000AC8a-1z1T;\n\tWed, 22 Apr 2026 12:31:53 +0000","from mgamail.intel.com ([192.198.163.17])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWg0-0000000A34B-0Pk4\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:27:42 +0000","from orviesa010.jf.intel.com ([10.64.159.150])\n by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:26:59 -0700","from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:26:58 -0700"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=ONnrB5PNwSaspef2uVNxG5bT4rdSOLuekIwe88FvZ4o=; b=sJwaSKuPLqQQJJ\n\tP3Lku3sXIxHUyKBjA1XdcVHTJ84hcdKxXKTkx0BydX17kgmipaAaIk3ApdwphQzyTIh+nabdpXU65\n\tncw5r77Sslh/idMrsbJ3qvQi6VQhUQCEfkWVxM38642eZLpsg+7fefoQhH8pleFvJXt5GRrgwRw09\n\t4nZQwjdnFPtODIwm6kDmDgcRnUlV4Y9fz/aVPu6G3HkrrXkMUUQSFFD5allNddO/HAx6WSTIDFnkg\n\t/bsEeYg0CazBkFEQ0xjAEt71s9qrhQGxZD5LajMjiwTdqlFpjJRVAANkwJPVSUmRGDbMPQsINWKFr\n\tXwmK5XchHwPN/OTZoRTA==;","v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1776860852; x=1808396852;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=GAxlC6yVnCnnqI/K0ChtUzSbqpnZTuRatJf0GXOHaDE=;\n b=kgBgbBhqiGXp2SkSmwh645L0gegbZUL3tFHQIWh5UnmKhkrs0zWW9SlT\n 5tXM09sijrkEDUdxzQhWgHUbDq5+kYi7znInWsp+nPLJazrEgv03rNzVj\n BP7AEaJS45rb7nFVC2l7LkJJ10toitrgx5m4KoFIxYqX8LP3KBt09U98s\n J50KD1QSilyE9MwM3+SFfK1z9Uy6pW3yw5eYV9Tu6pjMm1jliWiLgw7H+\n CQ2SWD2z5t8qTHecNKynyl6mJGfPuTP6+OMA1tLwmiAnclkDJJ5ojUmgA\n cSrQOMJOQE+SjbR7yIEEjb7Pg/Z4ir5kD5SET3bRUBk8ui4yDMD/Hdjwh\n A==;"],"X-CSE-ConnectionGUID":["amwWdCKwR0q6oUSVLZguiw==","Ibi+Vf56QUy38bEcBDsiwg=="],"X-CSE-MsgGUID":["vhQm2o8hQCqRwnKf+tSnyQ==","GlBY4YTmRrmCjU/SdX9giw=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11764\"; a=\"77687635\"","E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"77687635\"","E=Sophos;i=\"6.23,192,1770624000\";\n d=\"scan'208\";a=\"231445359\""],"X-ExtLoop1":"1","From":"Andrei Otcheretianski ","To":"hostap@lists.infradead.org","Cc":"vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tAndrei Otcheretianski ","Subject":"[PATCH 89/92] NAN: Support NDP establishment with PASN cipher suites","Date":"Wed, 22 Apr 2026 15:24:20 +0300","Message-ID":"<20260422122424.43776-90-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","References":"<20260422122424.43776-1-andrei.otcheretianski@intel.com>","MIME-Version":"1.0","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260422_052732_317328_EC01FEF3 ","X-CRM114-Status":"GOOD ( 15.54 )","X-Spam-Score":"-4.4 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: If pairing is used, PASN cipher suites (7,\n 8) should be used\n for NDP establishment as well. Signed-off-by: Andrei Otcheretianski\n \n --- src/common/nan_defs.h | 8 ++++++++ src/nan/nan_crypto.c | 22\n ++++++++++++++--------\n src/nan/nan_sec.c | 33 +++++++++++++++--- [...]\n Content analysis details: (-4.4 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,\n medium trust\n [192.198.163.17 listed in list.dnswl.org]\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS SPF: sender matches SPF record\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's\n domain\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.0 DKIMWL_WL_HIGH DKIMwl.org - High trust sender","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" ","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"If pairing is used, PASN cipher suites (7, 8) should be used for NDP\nestablishment as well.\n\nSigned-off-by: Andrei Otcheretianski \n---\n src/common/nan_defs.h | 8 ++++++++\n src/nan/nan_crypto.c | 22 ++++++++++++++--------\n src/nan/nan_sec.c | 33 +++++++++++++++------------------\n wpa_supplicant/nan_supplicant.c | 7 ++++++-\n 4 files changed, 43 insertions(+), 27 deletions(-)","diff":"diff --git a/src/common/nan_defs.h b/src/common/nan_defs.h\nindex b851d6219c..e9b6f21be6 100644\n--- a/src/common/nan_defs.h\n+++ b/src/common/nan_defs.h\n@@ -496,6 +496,14 @@ enum nan_cipher_suite_id {\n \tNAN_CS_MAX\n };\n \n+/* Helper macros to check CSID properties */\n+#define NAN_CS_IS_128(csid) \\\n+\t((csid) == NAN_CS_SK_CCM_128 || (csid) == NAN_CS_PK_PASN_128)\n+#define NAN_CS_IS_256(csid) \\\n+\t((csid) == NAN_CS_SK_GCM_256 || (csid) == NAN_CS_PK_PASN_256)\n+#define NAN_CS_IS_VALID_NDP(csid) \\\n+\t(NAN_CS_IS_128(csid) || NAN_CS_IS_256(csid))\n+\n struct nan_cipher_suite {\n \tu8 csid; /* Cipher Suite ID */\n \tu8 instance_id; /* Publish ID */\ndiff --git a/src/nan/nan_crypto.c b/src/nan/nan_crypto.c\nindex 7f4f50971c..b2632ea920 100644\n--- a/src/nan/nan_crypto.c\n+++ b/src/nan/nan_crypto.c\n@@ -30,8 +30,10 @@ static size_t nan_crypto_cipher_kck_len(enum nan_cipher_suite_id cipher)\n {\n \tswitch (cipher) {\n \tcase NAN_CS_SK_CCM_128:\n+\tcase NAN_CS_PK_PASN_128:\n \t\treturn 16;\n \tcase NAN_CS_SK_GCM_256:\n+\tcase NAN_CS_PK_PASN_256:\n \t\treturn 24;\n \tdefault:\n \t\treturn 0;\n@@ -58,8 +60,10 @@ static size_t nan_cipher_key_len(enum nan_cipher_suite_id cipher)\n {\n \tswitch (cipher) {\n \tcase NAN_CS_SK_CCM_128:\n+\tcase NAN_CS_PK_PASN_128:\n \t\treturn 16;\n \tcase NAN_CS_SK_GCM_256:\n+\tcase NAN_CS_PK_PASN_256:\n \t\treturn 32;\n \tdefault:\n \t\treturn 0;\n@@ -112,7 +116,7 @@ int nan_crypto_pmk_to_ptk(const u8 *pmk, const u8 *iaddr, const u8 *raddr,\n \tsize_t ptk_len;\n \tint ret;\n \n-\tif (cipher != NAN_CS_SK_CCM_128 && cipher != NAN_CS_SK_GCM_256)\n+\tif (!NAN_CS_IS_VALID_NDP(cipher))\n \t\treturn -1;\n \n \tif (!ptk)\n@@ -129,7 +133,7 @@ int nan_crypto_pmk_to_ptk(const u8 *pmk, const u8 *iaddr, const u8 *raddr,\n \tptk->tk_len = nan_cipher_key_len(cipher);\n \tptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len;\n \n-\tif (cipher == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(cipher))\n \t\tret = sha256_prf(pmk, PMK_LEN, NAN_PTK_LABEL, data,\n \t\t\t\t sizeof(data), tmp, ptk_len);\n \telse\n@@ -183,7 +187,7 @@ int nan_crypto_calc_pmkid(const u8 *pmk, const u8 *iaddr, const u8 *raddr,\n \tos_memset(data, 0, sizeof(data));\n \tos_memset(digest, 0, sizeof(digest));\n \n-\tif (cipher != NAN_CS_SK_CCM_128 && cipher != NAN_CS_SK_GCM_256)\n+\tif (!NAN_CS_IS_VALID_NDP(cipher))\n \t\treturn -1;\n \n \tif (!serv_id || is_zero_ether_addr(serv_id))\n@@ -198,7 +202,7 @@ int nan_crypto_calc_pmkid(const u8 *pmk, const u8 *iaddr, const u8 *raddr,\n \n \twpa_hexdump_key(MSG_DEBUG, \"NAN: PMKID data\", data, sizeof(data));\n \n-\tif (cipher == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(cipher))\n \t\tret = hmac_sha256(pmk, PMK_LEN, data, sizeof(data), digest);\n \telse\n \t\tret = hmac_sha384(pmk, PMK_LEN, data, sizeof(data), digest);\n@@ -228,10 +232,10 @@ int nan_crypto_calc_auth_token(enum nan_cipher_suite_id cipher,\n \tu8 hash[MAX_MAC_LEN];\n \tint ret;\n \n-\tif (cipher != NAN_CS_SK_CCM_128 && cipher != NAN_CS_SK_GCM_256)\n+\tif (!NAN_CS_IS_VALID_NDP(cipher))\n \t\treturn -1;\n \n-\tif (cipher == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(cipher))\n \t\tret = nan_crypto_sha256(buf, len, hash);\n \telse\n \t\tret = nan_crypto_sha384(buf, len, hash);\n@@ -268,13 +272,13 @@ int nan_crypto_key_mic(const u8 *buf, size_t len, const u8 *kck,\n \n \tos_memset(digest, 0, sizeof(digest));\n \n-\tif (cipher != NAN_CS_SK_CCM_128 && cipher != NAN_CS_SK_GCM_256)\n+\tif (!NAN_CS_IS_VALID_NDP(cipher))\n \t\treturn -1;\n \n \twpa_hexdump_key(MSG_DEBUG, \"NAN: MIC data\", buf, len);\n \twpa_hexdump_key(MSG_DEBUG, \"NAN: KCK\", kck, kck_len);\n \n-\tif (cipher == NAN_CS_SK_CCM_128) {\n+\tif (NAN_CS_IS_128(cipher)) {\n \t\tmic_len = NAN_KEY_MIC_LEN;\n \t\tret = hmac_sha256(kck, kck_len, buf, len, digest);\n \t} else {\n@@ -305,8 +309,10 @@ int nan_crypto_derive_nd_pmk(const char *pwd, const u8 *service_id,\n \n \tswitch (csid) {\n \tcase NAN_CS_SK_CCM_128:\n+\tcase NAN_CS_PK_PASN_128:\n \t\treturn pbkdf2_sha256(pwd, salt, sizeof(salt), 4096, nd_pmk, 32);\n \tcase NAN_CS_SK_GCM_256:\n+\tcase NAN_CS_PK_PASN_256:\n \t\treturn pbkdf2_sha384(pwd, salt, sizeof(salt), 4096, nd_pmk, 32);\n \tdefault:\n \t\treturn -1;\ndiff --git a/src/nan/nan_sec.c b/src/nan/nan_sec.c\nindex 995d358b77..d3d8b90d0e 100644\n--- a/src/nan/nan_sec.c\n+++ b/src/nan/nan_sec.c\n@@ -120,8 +120,7 @@ static int nan_sec_parse_csia(const u8 *csia, size_t csia_len, u8 *instance_id,\n \t\t\t\treturn -1;\n \t\t\t}\n \n-\t\t\tif (cs->csid != NAN_CS_SK_CCM_128 &&\n-\t\t\t cs->csid != NAN_CS_SK_GCM_256) {\n+\t\t\tif (!NAN_CS_IS_VALID_NDP(cs->csid)) {\n \t\t\t\twpa_printf(MSG_DEBUG,\n \t\t\t\t\t \"NAN: SEC: Unsupported cipher suite=%u\",\n \t\t\t\t\t cs->csid);\n@@ -206,9 +205,9 @@ static int nan_sec_key_mic_ver(struct nan_data *nan, const u8 *buf, size_t len,\n \n \tos_memset(mic, 0, sizeof(mic));\n \n-\tif (csid == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(csid))\n \t\tmic_len = NAN_KEY_MIC_LEN;\n-\telse if (csid == NAN_CS_SK_GCM_256)\n+\telse if (NAN_CS_IS_256(csid))\n \t\tmic_len = NAN_KEY_MIC_24_LEN;\n \telse\n \t\treturn -1;\n@@ -270,7 +269,7 @@ static int nan_sec_rx_m2(struct nan_data *nan, struct nan_peer *peer,\n \t * with the MIC differently.\n \t */\n \tpos = (const u8 *) (key + 1);\n-\tif (ndp_sec->i_csid == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(ndp_sec->i_csid))\n \t\tpos += NAN_KEY_MIC_LEN;\n \telse\n \t\tpos += NAN_KEY_MIC_24_LEN;\n@@ -338,7 +337,7 @@ static int nan_sec_rx_m3(struct nan_data *nan, struct nan_peer *peer,\n \t * with the mic differently\n \t */\n \tpos = (u8 *) (key + 1);\n-\tif (ndp_sec->i_csid == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(ndp_sec->i_csid))\n \t\tmic_len = NAN_KEY_MIC_LEN;\n \telse\n \t\tmic_len = NAN_KEY_MIC_24_LEN;\n@@ -396,7 +395,7 @@ static int nan_sec_rx_m4(struct nan_data *nan, struct nan_peer *peer,\n \t * Due to the different MIC size, need to handle the fields starting\n \t * with the mic differently\n \t */\n-\tif (ndp_sec->i_csid == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(ndp_sec->i_csid))\n \t\tpos += NAN_KEY_MIC_LEN;\n \telse\n \t\tpos += NAN_KEY_MIC_24_LEN;\n@@ -490,7 +489,7 @@ int nan_sec_rx(struct nan_data *nan, struct nan_peer *peer,\n \n \ttotal_len = sizeof(*key) + 2;\n \n-\tif (cipher == NAN_CS_SK_CCM_128) {\n+\tif (NAN_CS_IS_128(cipher)) {\n \t\tif (shared_key_desc_len <\n \t\t sizeof(struct nan_shared_key) + sizeof(*key) +\n \t\t NAN_KEY_MIC_LEN + 2) {\n@@ -655,9 +654,9 @@ static int nan_sec_add_m1_attrs(struct nan_data *nan, struct nan_peer *peer,\n \tsize_t key_len = sizeof(struct wpa_eapol_key) + 2;\n \tint ret;\n \n-\tif (ndp_sec->i_csid == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(ndp_sec->i_csid))\n \t\tkey_len += NAN_KEY_MIC_LEN;\n-\telse if (ndp_sec->i_csid == NAN_CS_SK_GCM_256)\n+\telse if (NAN_CS_IS_256(ndp_sec->i_csid))\n \t\tkey_len += NAN_KEY_MIC_24_LEN;\n \telse\n \t\treturn -1;\n@@ -738,9 +737,9 @@ static int nan_sec_add_m2_attrs(struct nan_data *nan, struct nan_peer *peer,\n \tsize_t key_len;\n \n \tkey_len = sizeof(struct wpa_eapol_key) + 2;\n-\tif (ndp_sec->i_csid == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(ndp_sec->i_csid))\n \t\tkey_len += NAN_KEY_MIC_LEN;\n-\telse if (ndp_sec->i_csid == NAN_CS_SK_GCM_256)\n+\telse if (NAN_CS_IS_256(ndp_sec->i_csid))\n \t\tkey_len += NAN_KEY_MIC_24_LEN;\n \telse\n \t\treturn -1;\n@@ -811,9 +810,9 @@ static int nan_sec_add_key_attrs(struct nan_data *nan, struct nan_peer *peer,\n \tu16 info;\n \tsize_t key_len = sizeof(struct wpa_eapol_key) + 2;\n \n-\tif (ndp_sec->i_csid == NAN_CS_SK_CCM_128)\n+\tif (NAN_CS_IS_128(ndp_sec->i_csid))\n \t\tkey_len += NAN_KEY_MIC_LEN;\n-\telse if (ndp_sec->i_csid == NAN_CS_SK_GCM_256)\n+\telse if (NAN_CS_IS_256(ndp_sec->i_csid))\n \t\tkey_len += NAN_KEY_MIC_24_LEN;\n \telse\n \t\treturn -1;\n@@ -903,8 +902,7 @@ int nan_sec_add_attrs(struct nan_data *nan, struct nan_peer *peer,\n \tnan_sec_dump(nan, peer);\n \n \t/* No security configuration */\n-\tif (peer->ndp_setup.sec.i_csid != NAN_CS_SK_CCM_128 &&\n-\t peer->ndp_setup.sec.i_csid != NAN_CS_SK_GCM_256)\n+\tif (!NAN_CS_IS_VALID_NDP(peer->ndp_setup.sec.i_csid))\n \t\treturn 0;\n \n \tswitch (subtype) {\n@@ -1154,8 +1152,7 @@ bool nan_sec_ndp_store_keys(struct nan_data *nan, struct nan_peer *peer,\n \t peer->ndp_setup.state != NAN_NDP_STATE_DONE)\n \t\treturn false;\n \n-\tif (ndp_sec->i_csid != NAN_CS_SK_CCM_128 &&\n-\t ndp_sec->i_csid != NAN_CS_SK_GCM_256)\n+\tif (!NAN_CS_IS_VALID_NDP(ndp_sec->i_csid))\n \t\treturn false;\n \n \tdl_list_for_each_safe(cur, next, &peer->info.sec,\ndiff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c\nindex ab9209e0f3..7f86567e1f 100644\n--- a/wpa_supplicant/nan_supplicant.c\n+++ b/wpa_supplicant/nan_supplicant.c\n@@ -366,9 +366,11 @@ static int wpas_nan_set_ndi_keys(struct wpa_supplicant *wpa_s,\n \tos_memset(rsc, 0, sizeof(rsc));\n \tswitch (csid) {\n \tcase NAN_CS_SK_CCM_128:\n+\tcase NAN_CS_PK_PASN_128:\n \t\talg = WPA_ALG_CCMP;\n \t\tbreak;\n \tcase NAN_CS_SK_GCM_256:\n+\tcase NAN_CS_PK_PASN_256:\n \t\talg = WPA_ALG_GCMP_256;\n \t\tbreak;\n \tdefault:\n@@ -1171,10 +1173,13 @@ int wpas_nan_init(struct wpa_supplicant *wpa_s)\n \t\t!!(wpa_s->nan_capa.drv_flags &\n \t\t WPA_DRIVER_FLAGS_NAN_SUPPORT_USERSPACE_DE);\n \n-\t/* Currently support shared key suites only */\n \twpa_s->nan_supported_csids = BIT(NAN_CS_SK_CCM_128) |\n \t\tBIT(NAN_CS_SK_GCM_256);\n \n+#ifdef CONFIG_PASN\n+\twpa_s->nan_supported_csids |= BIT(NAN_CS_PK_PASN_128) |\n+\t\t\t\t BIT(NAN_CS_PK_PASN_256);\n+#endif /* CONFIG_PASN */\n \treturn 0;\n }\n \n","prefixes":["89/92"]}