[PATCH 65/92] NAN: Add the option to set the NIK and its lifetime

Wed Apr 22 05:23:56 PDT 2026

From: Avraham Stern <avraham.stern at intel.com>

Add the option to set the NIK and the NIK lifetime.

Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
 src/nan/nan.h                   |  2 ++
 src/nan/nan_pairing.c           | 42 +++++++++++++++++++++++++++++++++
 wpa_supplicant/nan_supplicant.c | 23 ++++++++++++++++++
 3 files changed, 67 insertions(+)

diff --git a/src/nan/nan.h b/src/nan/nan.h
index 0a8629fad4..ab50545732 100644
--- a/src/nan/nan.h
+++ b/src/nan/nan.h
@@ -740,6 +740,8 @@ int nan_pairing_set_pairing_setup(struct nan_data *nan_data, bool value);
 int nan_pairing_set_npk_caching(struct nan_data *nan_data, bool value);
 int nan_pairing_set_pairing_verification(struct nan_data *nan_data, bool value);
 int nan_pairing_set_cipher_suites(struct nan_data *nan_data, u32 value);
+int nan_pairing_set_nik(struct nan_data *nan, const u8 *nik, size_t nik_len);
+int nan_pairing_set_nik_lifetime(struct nan_data *nan, u32 lifetime);
 bool nan_pairing_is_peer_paired(struct nan_data *nan_data, const u8 *peer_addr);
 #else
 static inline int nan_pairing_add_attrs(struct nan_data *nan_data,
diff --git a/src/nan/nan_pairing.c b/src/nan/nan_pairing.c
index 848b5ef928..0e2e87d039 100644
--- a/src/nan/nan_pairing.c
+++ b/src/nan/nan_pairing.c
@@ -1382,6 +1382,48 @@ int nan_pairing_set_cipher_suites(struct nan_data *nan, u32 value)
 }
 
 
+int nan_pairing_set_nik(struct nan_data *nan, const u8 *nik, size_t nik_len)
+{
+	u8 nonce[NAN_NIRA_NONCE_LEN];
+	u8 tag[NAN_NIRA_TAG_LEN];
+
+	if (!nik || nik_len != NAN_NIK_LEN) {
+		wpa_printf(MSG_DEBUG, "NAN: Pairing: Invalid NIK (len=%zu)",
+			   nik_len);
+		return -1;
+	}
+
+	if (nan->cfg->pairing_cfg.pairing_verification &&
+	    nan_nira_get_tag_nonce(nan->cfg, nonce, tag) < 0) {
+		wpa_printf(MSG_DEBUG, "NAN: Failed to set NIRA for new NIK");
+		return -1;
+	}
+
+	os_memcpy(nan->cfg->nik, nik, NAN_NIK_LEN);
+	os_memcpy(nan->nira_nonce, nonce, NAN_NIRA_NONCE_LEN);
+	os_memcpy(nan->nira_tag, tag, NAN_NIRA_TAG_LEN);
+
+	wpa_hexdump_key(MSG_DEBUG, "NAN: new NIK", nan->cfg->nik, NAN_NIK_LEN);
+	return 0;
+}
+
+
+int nan_pairing_set_nik_lifetime(struct nan_data *nan, u32 lifetime)
+{
+	if (!lifetime) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: Pairing: Invalid NIK lifetime (%u)",
+			   lifetime);
+		return -1;
+	}
+
+	nan->cfg->nik_lifetime = lifetime;
+	wpa_printf(MSG_DEBUG, "NAN: SET: NIK lifetime: %u seconds",
+		   lifetime);
+	return 0;
+}
+
+
 bool nan_pairing_is_peer_paired(struct nan_data *nan_data, const u8 *peer_addr)
 {
 	struct nan_peer *peer;
diff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c
index c58e18016e..1f7578ac45 100644
--- a/wpa_supplicant/nan_supplicant.c
+++ b/wpa_supplicant/nan_supplicant.c
@@ -1354,6 +1354,29 @@ int wpas_nan_set(struct wpa_supplicant *wpa_s, char *cmd)
 #undef NAN_PARSE_PAIRING_BOOL
 #undef NAN_PARSE_PAIRING_INT
 
+	if (os_strcmp("nik", cmd) == 0) {
+		u8 nik[NAN_NIK_LEN];
+
+		/* Parse NIK value (hex string) */
+		if (hexstr2bin(param, nik, NAN_NIK_LEN) < 0) {
+			wpa_printf(MSG_DEBUG, "NAN: Invalid NIK format");
+			return -1;
+		}
+
+		return nan_pairing_set_nik(wpa_s->nan, nik, NAN_NIK_LEN);
+	}
+
+	if (os_strcmp("nik_lifetime", cmd) == 0) {
+		u32 lifetime = atoi(param);
+
+		if (lifetime == 0) {
+			wpa_printf(MSG_DEBUG, "NAN: Invalid NIK lifetime");
+			return -1;
+		}
+
+		return nan_pairing_set_nik_lifetime(wpa_s->nan, lifetime);
+	}
+
 	wpa_printf(MSG_INFO, "NAN: Unknown NAN_SET cmd='%s'", cmd);
 	return -1;
 }
-- 
2.53.0


