[PATCH 48/92] NAN: Add Cipher Suite Information attribute to publish messages
Andrei Otcheretianski
andrei.otcheretianski at intel.com
Wed Apr 22 05:23:39 PDT 2026
From: Avraham Stern <avraham.stern at intel.com>
Add the Cipher Suite Information attribute (CSIA) to publish messages.
The CSIA is used to indicate the set of cipher suites supported by a
publisher for NDP setup.
Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
src/common/nan_de.c | 48 +++++++++++++++++++++++++++++++++++++++++++++
src/common/nan_de.h | 6 ++++++
2 files changed, 54 insertions(+)
diff --git a/src/common/nan_de.c b/src/common/nan_de.c
index 893a2ce510..acb1ada7f7 100644
--- a/src/common/nan_de.c
+++ b/src/common/nan_de.c
@@ -86,6 +86,11 @@ struct nan_de_service {
/* Bootstrapping methods */
u16 pbm;
+ /* For Publish - NULL terminated list of supported cipher suites */
+ int *cipher_suites_list;
+
+ /* Bitmap of NAN_CS_INFO_CAPA_* */
+ u8 security_capab;
};
#define NAN_DE_N_MIN 5
@@ -168,6 +173,7 @@ static void nan_de_service_free(struct nan_de_service *srv)
wpabuf_free(srv->matching_filter_rx);
wpabuf_free(srv->srf);
os_free(srv->freq_list);
+ os_free(srv->cipher_suites_list);
os_free(srv);
}
@@ -303,6 +309,7 @@ static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
u8 ctrl = type;
u16 sdea_ctrl = 0;
const u8 *forced_addr;
+ size_t cs_num = int_array_len(srv->cipher_suites_list);
/* Service Descriptor attribute */
sda_len = NAN_SERVICE_ID_LEN + 1 + 1 + 1;
@@ -343,6 +350,12 @@ static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
len += attrs ? wpabuf_len(attrs) : 0;
+ /* Cipher Suite Information Attribute */
+ if (srv->type == NAN_DE_PUBLISH && srv->cipher_suites_list) {
+ len += NAN_ATTR_HDR_LEN + sizeof(struct nan_cipher_suite_info) +
+ cs_num * sizeof(struct nan_cipher_suite);
+ }
+
buf = nan_de_alloc_sdf(len);
if (!buf)
return;
@@ -421,6 +434,19 @@ static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
wpabuf_put_buf(buf, attrs);
}
+ if (srv->type == NAN_DE_PUBLISH && srv->cipher_suites_list) {
+ size_t i;
+
+ wpabuf_put_u8(buf, NAN_ATTR_CSIA);
+ wpabuf_put_le16(buf, sizeof(struct nan_cipher_suite_info) +
+ cs_num * sizeof(struct nan_cipher_suite));
+ wpabuf_put_u8(buf, srv->security_capab);
+ for (i = 0; i < cs_num; i++) {
+ wpabuf_put_u8(buf, (u8)srv->cipher_suites_list[i]);
+ wpabuf_put_u8(buf, srv->id);
+ }
+ }
+
nan_de_tx(de, srv->sync ? 0 : srv->freq, srv->sync ? 0 : wait_time,
dst, forced_addr, a3, buf);
wpabuf_free(buf);
@@ -1797,6 +1823,28 @@ int nan_de_publish(struct nan_de *de, const char *service_name,
" for publish service", MAC2STR(srv->forced_addr));
}
+ srv->security_capab = params->security_capab;
+
+ if (params->cipher_suites_list) {
+ int i = 0;
+
+ while (params->cipher_suites_list[i] && i < NAN_CS_MAX) {
+ if (params->cipher_suites_list[i] >= NAN_CS_MAX) {
+ wpa_printf(MSG_DEBUG,
+ "NAN: Invalid cipher suite %d in publish",
+ params->cipher_suites_list[i]);
+ goto fail;
+ }
+
+ i++;
+ }
+
+ srv->cipher_suites_list =
+ int_array_dup(params->cipher_suites_list);
+ if (!srv->cipher_suites_list)
+ goto fail;
+ }
+
/* Prepare for single and multi-channel states; starting with
* single channel */
srv->first_multi_chan = true;
diff --git a/src/common/nan_de.h b/src/common/nan_de.h
index 258a551ba7..089c003486 100644
--- a/src/common/nan_de.h
+++ b/src/common/nan_de.h
@@ -142,6 +142,12 @@ struct nan_publish_params {
* Table 128
*/
u16 pbm;
+
+ /* NULL terminated list of cipher suites */
+ const int *cipher_suites_list;
+
+ /* Bitmap of NAN_CS_INFO_CAPA_* */
+ u8 security_capab;
};
/* Returns -1 on failure or >0 publish_id */
--
2.53.0
More information about the Hostap
mailing list