[PATCH 22/97] NAN: Add and implement set_group_key() callback

Tue Apr 28 13:05:23 PDT 2026

From: Avraham Stern <avraham.stern at intel.com>

Add a callback for installing a group key. This callback will be used
for installing the IGTK/BIGTK.

Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
 src/nan/nan.h                   | 22 ++++++++++++++++++++++
 wpa_supplicant/nan_supplicant.c | 12 ++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/src/nan/nan.h b/src/nan/nan.h
index 979fb66c14..f4e839aa4d 100644
--- a/src/nan/nan.h
+++ b/src/nan/nan.h
@@ -697,6 +697,28 @@ struct nan_config {
 	void (*pairing_request)(void *ctx, const u8 *peer_nmi, u8 csid,
 				u8 instance_id,
 				const struct wpa_ie_data *rsn_data);
+
+	/**
+	 * set_group_key - Install a group key
+	 *
+	 * @ctx: Callback context from cb_ctx
+	 * @alg: Encryption algorithm (WPA_ALG_* )
+	 * @addr: Address of the peer STA for Rx group keys, ff:ff:ff:ff:ff:ff
+	 *	for Tx keys; when clearing keys, %NULL is used to
+	 *	indicate that both the broadcast-only and default key of the
+	 *	specified key index is to be cleared
+	 * @key_idx: Key index
+	 * @seq: Packet number, the next packet number to be
+	 *	used for in replay protection; %NULL if not set
+	 * @key: Key buffer
+	 * @key_len: Length of the key buffer in octets
+	 * @key_flags: bitwise OR of KEY_FLAG_*
+	 * Returns: 0 on success, -1 on failure
+	 */
+	int (*set_group_key)(void *ctx, enum wpa_alg alg, const u8 *addr,
+			     int key_idx, const u8 *seq,
+			     const u8 *key, size_t key_len,
+			     enum key_flag key_flags);
 };
 
 struct nan_data * nan_init(const struct nan_config *cfg);
diff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c
index b53670174c..5e612dd73c 100644
--- a/wpa_supplicant/nan_supplicant.c
+++ b/wpa_supplicant/nan_supplicant.c
@@ -916,6 +916,17 @@ static int wpas_nan_pasn_auth_status_cb(void *ctx, const u8 *peer_addr,
 	return 0;
 }
 
+static int wpas_nan_set_group_key_cb(void *ctx, enum wpa_alg alg,
+				     const u8 *addr, int key_idx, const u8 *seq,
+				     const u8 *key, size_t key_len,
+				     enum key_flag key_flags)
+{
+	struct wpa_supplicant *wpa_s = ctx;
+
+	return wpa_drv_set_key(wpa_s, -1, alg, addr, key_idx, 0,
+			       seq, RSN_PN_LEN, key, key_len, key_flags);
+}
+
 
 static int wpas_nan_update_pairing_credentials_cb(void *ctx, const u8 *nik,
 						  size_t nik_len,
@@ -1129,6 +1140,7 @@ int wpas_nan_init(struct wpa_supplicant *wpa_s)
 		nan.get_chans = wpas_nan_get_chans_cb;
 		nan.is_valid_publish_id = wpas_nan_is_valid_publish_id_cb;
 		nan.set_peer_schedule = wpas_nan_set_peer_schedule_cb;
+		nan.set_group_key = wpas_nan_set_group_key_cb;
 
 		wpa_printf(MSG_DEBUG, "NAN: Bootstrap support enabled");
 		nan.bootstrap_request = wpas_nan_bootstrap_request_cb;
-- 
2.53.0


