[PATCH 50/92] NAN: Add Security Context Information attribute to publish messages
Andrei Otcheretianski
andrei.otcheretianski at intel.com
Wed Apr 22 05:23:41 PDT 2026
From: Avraham Stern <avraham.stern at intel.com>
When an ND-PMK is available for a service, add the Security Context
Information attribute to publish messages to advertise the set of
available Security Context Identifiers for the service.
Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
src/common/nan_de.c | 43 +++++++++++++++++++++++++++++++++++++++++++
src/common/nan_de.h | 3 +++
2 files changed, 46 insertions(+)
diff --git a/src/common/nan_de.c b/src/common/nan_de.c
index acb1ada7f7..779e3f11aa 100644
--- a/src/common/nan_de.c
+++ b/src/common/nan_de.c
@@ -16,6 +16,7 @@
#include "ieee802_11_defs.h"
#include "nan_defs.h"
#include "nan_de.h"
+#include "nan/nan_i.h"
static const u8 nan_network_id[ETH_ALEN] =
{ 0x51, 0x6f, 0x9a, 0x01, 0x00, 0x00 };
@@ -91,6 +92,9 @@ struct nan_de_service {
/* Bitmap of NAN_CS_INFO_CAPA_* */
u8 security_capab;
+
+ /* PMKIDs list for this service */
+ struct dl_list pmkid_list;
};
#define NAN_DE_N_MIN 5
@@ -174,6 +178,9 @@ static void nan_de_service_free(struct nan_de_service *srv)
wpabuf_free(srv->srf);
os_free(srv->freq_list);
os_free(srv->cipher_suites_list);
+#ifdef CONFIG_NAN
+ nan_crypto_clear_pmkid_list(&srv->pmkid_list);
+#endif /* CONFIG_NAN */
os_free(srv);
}
@@ -356,6 +363,15 @@ static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
cs_num * sizeof(struct nan_cipher_suite);
}
+ /* Security Context Information Attribute */
+ if (srv->type == NAN_DE_PUBLISH && !dl_list_empty(&srv->pmkid_list)) {
+ unsigned int list_len = dl_list_len(&srv->pmkid_list);
+
+ /* Each entry: sizeof(nan_sec_ctxt) + PMKID_LEN */
+ len += NAN_ATTR_HDR_LEN +
+ list_len * (sizeof(struct nan_sec_ctxt) + PMKID_LEN);
+ }
+
buf = nan_de_alloc_sdf(len);
if (!buf)
return;
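Review bot: The size reserved here is `sizeof(struct nan_sec_ctxt) + PMKID_LEN` per entry, while the serialization block later in nan_de_tx_sdf (the hunk at -447) writes each entry by hand as a 16-bit length, a type octet and an instance id octet followed by the PMKID. The two agree only if `struct nan_sec_ctxt` is a packed four-octet header, which this patch does not show. If the struct were ever smaller, the later `wpabuf_put*()` calls would need more room than was accounted for in `len`. Filling the header through the struct, or sizing both places from one shared per-entry constant, would keep them tied together. The function body starts and ends outside this hunk.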
@@ -447,6 +463,24 @@ static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
}
}
+ if (srv->type == NAN_DE_PUBLISH && !dl_list_empty(&srv->pmkid_list)) {
+ struct nan_de_pmkid *pmkid;
+ u8 *len_ptr;
+
+ wpabuf_put_u8(buf, NAN_ATTR_SCIA);
+ len_ptr = wpabuf_put(buf, 2); /* length filled later */
+
+ dl_list_for_each(pmkid, &srv->pmkid_list, struct nan_de_pmkid,
+ list) {
+ wpabuf_put_le16(buf, PMKID_LEN);
+ wpabuf_put_u8(buf, NAN_SEC_CTX_TYPE_ND_PMKID);
+ wpabuf_put_u8(buf, srv->id);
+ wpabuf_put_data(buf, pmkid->pmkid, PMKID_LEN);
+ }
+
+ WPA_PUT_LE16(len_ptr, (u8 *)wpabuf_put(buf, 0) - len_ptr - 2);
+ }
+
nan_de_tx(de, srv->sync ? 0 : srv->freq, srv->sync ? 0 : wait_time,
dst, forced_addr, a3, buf);
wpabuf_free(buf);
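Review bot: This block is compiled unconditionally, but the only code that fills `srv->pmkid_list` (in nan_de_publish) and clears it (in nan_de_service_free) sits under `#ifdef CONFIG_NAN`. Without CONFIG_NAN it is dead code that still needs `struct nan_de_pmkid` and `NAN_ATTR_SCIA` to be declared; putting it and the matching length computation earlier in the function under the same guard would make that consistent. The block is also missing the `/* Security Context Information Attribute */` comment that the sizing block carries. The backpatched length `(u8 *)wpabuf_put(buf, 0) - len_ptr - 2` is narrowed to 16 bits without a check, so a one-line comment stating what bounds the number of entries would help. nan_de_tx_sdf starts outside this hunk.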
@@ -1845,6 +1879,13 @@ int nan_de_publish(struct nan_de *de, const char *service_name,
goto fail;
}
+ dl_list_init(&srv->pmkid_list);
+#ifdef CONFIG_NAN
+ if (nan_crypto_pmkid_list(&srv->pmkid_list, de->nmi, srv->service_id,
+ srv->cipher_suites_list, params->nd_pmk) < 0)
+ goto fail;
+#endif /* CONFIG_NAN */
+
/* Prepare for single and multi-channel states; starting with
* single channel */
srv->first_multi_chan = true;
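Review bot: `dl_list_init(&srv->pmkid_list)` runs only after earlier error exits (a `goto fail` is visible at the top of this hunk), while nan_de_service_free() now calls `nan_crypto_clear_pmkid_list(&srv->pmkid_list)` under CONFIG_NAN. If the `fail` label releases `srv` through nan_de_service_free() (the label is outside the hunk), that call would walk a list head that was never initialized. Moving `dl_list_init(&srv->pmkid_list);` to directly after `srv` is allocated would close that window, and the same applies to the late init in nan_de_subscribe. It is also worth confirming that nan_crypto_pmkid_list() leaves the list in a state that is safe to clear when it fails, and that it accepts `params->nd_pmk == NULL`.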
@@ -2124,6 +2165,8 @@ int nan_de_subscribe(struct nan_de *de, const char *service_name,
" for subscribe service", MAC2STR(srv->forced_addr));
}
+ dl_list_init(&srv->pmkid_list);
+
wpa_printf(MSG_DEBUG, "NAN: Assigned new subscribe handle %d for %s",
subscribe_id, service_name ? service_name : "Ranging");
srv->id = subscribe_id;
diff --git a/src/common/nan_de.h b/src/common/nan_de.h
index 089c003486..8af1bb2bc5 100644
--- a/src/common/nan_de.h
+++ b/src/common/nan_de.h
@@ -148,6 +148,9 @@ struct nan_publish_params {
/* Bitmap of NAN_CS_INFO_CAPA_* */
u8 security_capab;
+
+ /* ND-PMK to use for creating a list of PMKIDs for the service */
+ const u8 *nd_pmk;
};
/* Returns -1 on failure or >0 publish_id */
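Review bot: The new `nd_pmk` member is a bare `const u8 *` with no length, so the comment should state the contract the callee relies on. Suggested wording, with the length filled in from the key definition that is not visible here: `/* ND-PMK (<ND-PMK length> octets) used to derive the PMKIDs for the service, or NULL if no ND-PMK is available */`. It would also help to say whether the pointer only needs to stay valid for the duration of nan_de_publish(); the publish hunk passes it straight to nan_crypto_pmkid_list(), but whether that function keeps a reference is not visible in this patch.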
--
2.53.0