[PATCH 11/92] NAN: Add a function for deriving NIRA's tag from NIK

Andrei Otcheretianski andrei.otcheretianski at intel.com
Wed Apr 22 05:23:02 PDT 2026


From: Avraham Stern <avraham.stern at intel.com>

Add a function to derive the corresponding tag for a given NIK,
NMI address and nonce.

Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
 src/common/nan_defs.h |  6 +++++
 src/nan/nan.h         |  3 +++
 src/nan/nan_crypto.c  | 58 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 67 insertions(+)

diff --git a/src/common/nan_defs.h b/src/common/nan_defs.h
index dcb2f76d6b..48a3bcf493 100644
--- a/src/common/nan_defs.h
+++ b/src/common/nan_defs.h
@@ -558,4 +558,10 @@ struct nan_shared_key {
 #define NAN_DEV_CAPA_EXT_INFO_1_PAIRING_SETUP     BIT(0)
 #define NAN_DEV_CAPA_EXT_INFO_1_NPK_NIK_CACHING   BIT(1)
 
+#define NAN_NIRA_NONCE_LEN	8
+#define NAN_NIRA_TAG_LEN	8
+#define NAN_NIRA_STR_LEN	3
+#define NAN_NIRA_CIPHER_VER_128	0
+#define NAN_NIK_LEN		16
+
 #endif /* NAN_DEFS_H */
diff --git a/src/nan/nan.h b/src/nan/nan.h
index f012d43638..b2cafdb3f5 100644
--- a/src/nan/nan.h
+++ b/src/nan/nan.h
@@ -659,6 +659,9 @@ int nan_set_bootstrap_configuration(struct nan_data *nan,
 				    u16 supported_bootstrap_methods,
 				    u16 auto_accept_bootstrap_methods,
 				    u16 bootstrap_comeback_timeout);
+struct wpabuf *nan_crypto_derive_nira_tag(const u8 *nik, size_t nik_len,
+					  const u8 *nmi_addr,
+					  const u8 *nira_nonce);
 #ifdef CONFIG_PASN
 int nan_pairing_add_attrs(struct nan_data *nan_data, struct wpabuf *buf);
 #else
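Review bot: The new prototype takes `nmi_addr` and `nira_nonce` without lengths, and the implementation in nan_crypto.c copies ETH_ALEN and NAN_NIRA_NONCE_LEN bytes from them after only a NULL check. A caller that passes pointers into a parsed frame therefore has to validate the attribute length before calling. A short comment above the declaration would make that contract visible where callers look, e.g. `/* nmi_addr: ETH_ALEN bytes, nira_nonce: NAN_NIRA_NONCE_LEN bytes; lengths are not checked here */`. If the returned tag is later matched against a received one, that comparison would normally use `os_memcmp_const()` rather than `os_memcmp()`; the comparison itself is not part of this patch.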
diff --git a/src/nan/nan_crypto.c b/src/nan/nan_crypto.c
index 5e5764a0f7..421e271010 100644
--- a/src/nan/nan_crypto.c
+++ b/src/nan/nan_crypto.c
@@ -309,3 +309,61 @@ int nan_crypto_derive_nd_pmk(const char *pwd, const u8 *service_id,
 		return -1;
 	}
 }
+
+/**
+ * nan_crypto_derive_nira_tag - Derive NIRA tag
+ *
+ * @nik: NAN Identity Key
+ * @nik_len: Length of &nik
+ * @nmi_addr: NAN Management Interface address (6 bytes)
+ * @nira_nonce: NIRA nonce (8 bytes)
+ * Returns: wpabuf containing the derived tag (8 bytes) or %NULL on failure
+ *
+ * Derives a NIRA tag for cipher version 0 using HMAC-SHA-256:
+ * Tag = Truncate-64(HMAC-SHA-256(NIK, "NIR" || NMI Address || Nonce))
+ * The caller is responsible for freeing the returned wpabuf using
+ * wpabuf_free().
+ */
+struct wpabuf *nan_crypto_derive_nira_tag(const u8 *nik, size_t nik_len,
+					  const u8 *nmi_addr,
+					  const u8 *nira_nonce)
+{
+	u8 data[NAN_NIRA_STR_LEN + ETH_ALEN + NAN_NIRA_NONCE_LEN];
+	u8 tag[SHA256_MAC_LEN];
+	struct wpabuf *tag_buf;
+
+	if (!nik || nik_len != NAN_NIK_LEN) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: Invalid NIK for tag derivation (len=%zu)",
+			   nik ? nik_len : 0);
+		return NULL;
+	}
+
+	if (!nmi_addr || !nira_nonce) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: Invalid parameters for tag derivation");
+		return NULL;
+	}
+
+	/* Construct data: "NIR" || NMI Address || Nonce */
+	os_memcpy(data, "NIR", NAN_NIRA_STR_LEN);
+	os_memcpy(&data[NAN_NIRA_STR_LEN], nmi_addr, ETH_ALEN);
+	os_memcpy(&data[NAN_NIRA_STR_LEN + ETH_ALEN], nira_nonce,
+		  NAN_NIRA_NONCE_LEN);
+
+	/* Compute HMAC-SHA-256(NIK, data) */
+	if (hmac_sha256(nik, NAN_NIK_LEN, data, sizeof(data), tag) < 0) {
+		wpa_printf(MSG_DEBUG, "NAN: Failed to compute HMAC for tag");
+		return NULL;
+	}
+
+	tag_buf = wpabuf_alloc_copy(tag, NAN_NIRA_TAG_LEN);
+	if (!tag_buf)
+		wpa_printf(MSG_DEBUG, "NAN: Failed to allocate tag buffer");
+	else
+		wpa_hexdump(MSG_DEBUG, "NAN: Derived NIRA tag",
+			    wpabuf_head(tag_buf), wpabuf_len(tag_buf));
+
+	forced_memzero(tag, sizeof(tag));
+	return tag_buf;
+}
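Review bot: The early `return NULL` after a failed `hmac_sha256()` skips the `forced_memzero(tag, sizeof(tag))` at the end of the function, so anything the HMAC implementation wrote into the 32-byte stack buffer before failing stays on the stack. Only the success and allocation-failure paths wipe it. The buffer holds NIK-keyed output of which only the first NAN_NIRA_TAG_LEN bytes are meant to leave the function, so the wipe should cover that exit too. Either add `forced_memzero(tag, sizeof(tag));` before that `return NULL;`, or initialise `tag_buf = NULL` and route the failure through a single exit label. The two parameter-check returns above it run before `tag` is written and need no change.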
-- 
2.53.0



