[PATCH 84/92] NAN: Add key_mgmt and verify flag to NAN-PAIRING-REQUEST notification

Wed Apr 22 05:24:15 PDT 2026

Change pairing_request callback to accept the parsed RSN IE data
from the peer's PASN Auth1 frame.
Print key_mgmt and indicate whether it is a verification request.
- key_mgmt: displayed in human-readable format
- verify: is a boolean value, indicating whether PMKID was provided in
  auth1 frame.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski at intel.com>
---
 src/nan/nan.h                   |  5 ++++-
 src/nan/nan_pairing.c           | 22 +++++++++++++++++++++-
 wpa_supplicant/nan_supplicant.c |  8 ++++++--
 wpa_supplicant/notify.c         |  9 ++++++---
 wpa_supplicant/notify.h         |  3 ++-
 5 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/src/nan/nan.h b/src/nan/nan.h
index c66b6a3b5a..2beb0dbc2c 100644
--- a/src/nan/nan.h
+++ b/src/nan/nan.h
@@ -672,8 +672,11 @@ struct nan_config {
 	 * @peer_nmi: Peer NMI address
 	 * @csid: Cipher suite ID requested by the peer
 	 * @instance_id: Service instance ID for which the pairing is requested
+	 * @rsn_data: Parsed RSN IE data from peer's Auth frame
 	 */
-	void (*pairing_request)(void *ctx, const u8 *peer_nmi, u8 csid, u8 instance_id);
+	void (*pairing_request)(void *ctx, const u8 *peer_nmi, u8 csid,
+				u8 instance_id,
+				const struct wpa_ie_data *rsn_data);
 };
 
 struct nan_data * nan_init(const struct nan_config *cfg);
diff --git a/src/nan/nan_pairing.c b/src/nan/nan_pairing.c
index 43b59e154f..029486a385 100644
--- a/src/nan/nan_pairing.c
+++ b/src/nan/nan_pairing.c
@@ -1228,6 +1228,8 @@ int nan_pairing_auth_rx(struct nan_data *nan_data,
 		if (status_code == WLAN_STATUS_SUCCESS &&
 		    auth_transaction == 1) {
 			struct nan_cipher_suite cs;
+			const u8 *rsn_ie;
+			struct wpa_ie_data rsn_data;
 
 			if (nan_pairing_process_elems(nan_data, peer, mgmt, len, &cs)) {
 				wpa_printf(MSG_DEBUG,
@@ -1235,6 +1237,23 @@ int nan_pairing_auth_rx(struct nan_data *nan_data,
 				return -1;
 			}
 
+			rsn_ie = get_ie(mgmt->u.auth.variable,
+					len - offsetof(struct ieee80211_mgmt,
+					u.auth.variable),
+					WLAN_EID_RSN);
+			if (!rsn_ie) {
+				wpa_printf(MSG_DEBUG,
+					   "NAN: Pairing: RSN IE missing in Auth1");
+				return -1;
+			}
+
+			if (wpa_parse_wpa_ie_rsn(rsn_ie, rsn_ie[1] + 2,
+						 &rsn_data)) {
+				wpa_printf(MSG_DEBUG,
+					   "NAN: Pairing: Failed to parse RSN IE in Auth1");
+				return -1;
+			}
+
 			wpabuf_free(peer->pairing.pending_auth1);
 			peer->pairing.pending_auth1 =
 				wpabuf_alloc_copy((const u8 *)mgmt, len);
@@ -1243,7 +1262,8 @@ int nan_pairing_auth_rx(struct nan_data *nan_data,
 
 			nan_data->cfg->pairing_request(nan_data->cfg->cb_ctx,
 						       peer->nmi_addr, cs.csid,
-						       cs.instance_id);
+						       cs.instance_id,
+						       &rsn_data);
 			return 0;
 		}
 
diff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c
index 8a24937137..c083c4ade8 100644
--- a/wpa_supplicant/nan_supplicant.c
+++ b/wpa_supplicant/nan_supplicant.c
@@ -1028,10 +1028,14 @@ static const struct wpabuf *wpas_nan_get_npk_akmp_cb(void *ctx,
 
 static void
 wpas_nan_pasn_pairing_request_cb(void *ctx, const u8 *peer_nmi, u8 csid,
-				 u8 instance_id)
+				 u8 instance_id,
+				 const struct wpa_ie_data *rsn_data)
 {
 	struct wpa_supplicant *wpa_s = ctx;
-	wpas_notify_nan_pairing_request(wpa_s, peer_nmi, csid, instance_id);
+
+	wpas_notify_nan_pairing_request(wpa_s, peer_nmi, csid, instance_id,
+					rsn_data->key_mgmt,
+					!!rsn_data->num_pmkid);
 }
 #endif /* CONFIG_PASN */
 
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index 80545c456d..8a0cabc052 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -1333,11 +1333,14 @@ out:
 
 void wpas_notify_nan_pairing_request(struct wpa_supplicant *wpa_s,
 				     const u8 *peer_nmi, u8 csid,
-				     u8 instance_id)
+				     u8 instance_id, int key_mgmt,
+				     bool verify)
 {
 	wpa_msg_global(wpa_s, MSG_INFO, NAN_PAIRING_REQUEST
-		       "peer_nmi=" MACSTR " csid=%u instance_id=%u",
-		       MAC2STR(peer_nmi), csid, instance_id);
+		       "peer_nmi=" MACSTR " csid=%u instance_id=%u key_mgmt=%s verify=%d",
+		       MAC2STR(peer_nmi), csid, instance_id,
+		       wpa_key_mgmt_txt(key_mgmt, WPA_PROTO_RSN),
+		       verify);
 }
 
 
diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
index 2ef2b59d32..3d683c4219 100644
--- a/wpa_supplicant/notify.h
+++ b/wpa_supplicant/notify.h
@@ -232,7 +232,8 @@ void wpas_notify_nan_bootstrap_failure(struct wpa_supplicant *wpa_s,
 				       u8 requestor_instance_id);
 void wpas_notify_nan_pairing_request(struct wpa_supplicant *wpa_s,
 				     const u8 *peer_nmi, u8 csid,
-				     u8 instance_id);
+				     u8 instance_id, int key_mgmt,
+				     bool verify);
 void wpas_notify_nan_ndp_request(struct wpa_supplicant *wpa_s,
 				 const u8 *peer_nmi, const u8 *init_ndi,
 				 u32 ndp_id, u8 publish_inst_id,
-- 
2.53.0


