[PATCH 25/97] NAN: Add BIGTK KDE to NDP setup messages

Andrei Otcheretianski andrei.otcheretianski at intel.com
Tue Apr 28 13:05:26 PDT 2026 

From: Avraham Stern <avraham.stern at intel.com>

If BIGTK is supported by both peers, add the BIGTK KDE to NDP setup
M3 and M4 messages. The KDE is added to the key data field and is
encrypted by the KEK. The local BIGTK is randomized and installed
when NAN is started.

Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
 src/nan/nan.c     | 51 ++++++++++++++++++++++++++++++++++++++++++++++-
 src/nan/nan_i.h   |  5 +++++
 src/nan/nan_sec.c | 38 ++++++++++++++++++++++++++++++++++-
 3 files changed, 92 insertions(+), 2 deletions(-)

diff --git a/src/nan/nan.c b/src/nan/nan.c
index 6babdf51f1..0ea2c28b34 100644
--- a/src/nan/nan.c
+++ b/src/nan/nan.c
@@ -226,6 +226,45 @@ static int nan_gen_igtk(struct nan_data *nan)
 }
 
 
+static int nan_gen_bigtk(struct nan_data *nan)
+{
+	u8 tsc[RSN_PN_LEN];
+	enum wpa_alg alg;
+	int cipher;
+
+	if (((nan->cfg->security_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>
+	     NAN_CS_INFO_CAPA_GTK_SUPP_POS) != NAN_CS_INFO_CAPA_GTK_SUPP_ALL) {
+		wpa_printf(MSG_DEBUG, "NAN: BIGTK not supported");
+		return 0;
+	}
+
+	if (nan->cfg->security_capab &
+	    NAN_CS_INFO_CAPA_IGTK_USE_NCS_BIP_GMAC_256) {
+		alg = WPA_ALG_BIP_GMAC_256;
+		cipher = WPA_CIPHER_BIP_GMAC_256;
+	} else {
+		alg = WPA_ALG_BIP_CMAC_128;
+		cipher = WPA_CIPHER_AES_128_CMAC;
+	}
+
+	nan->bigtk.bigtk_len = wpa_cipher_key_len(cipher);
+	nan->bigtk_id = 6;
+	os_get_random(nan->bigtk.bigtk, nan->bigtk.bigtk_len);
+	os_memset(tsc, 0, sizeof(tsc));
+	if (nan->cfg->set_group_key(nan->cfg->cb_ctx, alg, broadcast_ether_addr,
+				    nan->bigtk_id, tsc, nan->bigtk.bigtk,
+				    nan->bigtk.bigtk_len,
+				    KEY_FLAG_GROUP_TX_DEFAULT) < 0) {
+		wpa_printf(MSG_DEBUG, "NAN: Failed to install own BIGTK");
+		return -1;
+	}
+
+	wpa_hexdump_key(MSG_DEBUG, "NAN: New own BIGTK", nan->bigtk.bigtk,
+			nan->bigtk.bigtk_len);
+	return 0;
+}
+
+
 int nan_start(struct nan_data *nan, const struct nan_cluster_config *config)
 {
 	int ret;
@@ -244,7 +283,7 @@ int nan_start(struct nan_data *nan, const struct nan_cluster_config *config)
 	}
 	nan->nan_started = 1;
 
-	if (nan_gen_igtk(nan) < 0) {
+	if (nan_gen_igtk(nan) < 0 || nan_gen_bigtk(nan) < 0) {
 		nan_stop(nan);
 		return -1;
 	}
@@ -307,6 +346,16 @@ void nan_stop(struct nan_data *nan)
 		nan->igtk_id = 0;
 	}
 
+	if (nan->bigtk.bigtk_len) {
+		if (nan->cfg->set_group_key(nan->cfg->cb_ctx, WPA_ALG_NONE,
+					    NULL, nan->bigtk_id, NULL, NULL,
+					    0, KEY_FLAG_GROUP))
+			wpa_printf(MSG_DEBUG, "NAN: Failed to clear Own BIGTK");
+
+		nan->bigtk.bigtk_len = 0;
+		nan->bigtk_id = 0;
+	}
+
 	nan_flush(nan);
 	nan->cfg->stop(nan->cfg->cb_ctx);
 }
diff --git a/src/nan/nan_i.h b/src/nan/nan_i.h
index 5f43d5325e..e3babcd171 100644
--- a/src/nan/nan_i.h
+++ b/src/nan/nan_i.h
@@ -563,6 +563,8 @@ struct nan_peer {
  * @responder_pmksa: PMKSA cache for PASN-PMK authentication as a responder
  * @igtk: IGTK for NAN secure NDP
  * @igtk_id: Key ID of the IGTK
+ * @bigtk: BIGTK for NAN secure NDP
+ * @bigtk_id: Key ID of the BIGTK
  */
 struct nan_data {
 	struct nan_config *cfg;
@@ -582,6 +584,9 @@ struct nan_data {
 
 	struct wpa_igtk igtk;
 	u8 igtk_id;
+
+	struct wpa_bigtk bigtk;
+	u8 bigtk_id;
 };
 
 struct nan_attrs_entry {
diff --git a/src/nan/nan_sec.c b/src/nan/nan_sec.c
index 07dd47dbae..115fb137a2 100644
--- a/src/nan/nan_sec.c
+++ b/src/nan/nan_sec.c
@@ -808,8 +808,41 @@ static int nan_sec_igtk_kde(struct nan_data *nan, struct wpabuf *buf)
 	return 0;
 }
 
+#define NAN_KDES_MAX_LEN                                           \
+	(KDE_HDR_LEN + sizeof(struct wpa_igtk_kde) + KDE_HDR_LEN + \
+	 sizeof(struct wpa_bigtk_kde))
 
-#define NAN_KDES_MAX_LEN	(KDE_HDR_LEN + sizeof(struct wpa_igtk_kde))
+static int nan_sec_bigtk_kde(struct nan_data *nan, struct nan_ndp_sec *ndp_sec,
+			     struct wpabuf *buf)
+{
+	u8 tsc[RSN_PN_LEN];
+
+	if (((ndp_sec->i_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>
+	     NAN_CS_INFO_CAPA_GTK_SUPP_POS) != NAN_CS_INFO_CAPA_GTK_SUPP_ALL) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: BIGTK not supported by initiator");
+		return 0;
+	}
+
+	if (((ndp_sec->r_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>
+	     NAN_CS_INFO_CAPA_GTK_SUPP_POS) != NAN_CS_INFO_CAPA_GTK_SUPP_ALL) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: BIGTK not supported by responder");
+		return 0;
+	}
+
+	if (nan->cfg->get_seqnum(nan->cfg->cb_ctx, nan->bigtk_id, tsc) < 0) {
+		wpa_printf(MSG_DEBUG, "NAN: Failed to get BIGTK seqnum");
+		return -1;
+	}
+
+	nan_add_kde_hdr(buf, RSN_KEY_DATA_BIGTK,
+			WPA_BIGTK_KDE_PREFIX_LEN + nan->bigtk.bigtk_len);
+	wpabuf_put_le16(buf, nan->bigtk_id);
+	wpabuf_put_data(buf, tsc, sizeof(tsc));
+	wpabuf_put_data(buf, nan->bigtk.bigtk, nan->bigtk.bigtk_len);
+	return 0;
+}
 
 
 static bool nan_sec_igtk_supported(struct nan_ndp_sec *ndp_sec)
@@ -853,6 +886,9 @@ static int nan_sec_add_kdes(struct nan_data *nan,
 	if (nan_sec_igtk_kde(nan, kde_buf) < 0)
 		goto fail;
 
+	if (nan_sec_bigtk_kde(nan, ndp_sec, kde_buf) < 0)
+		goto fail;
+
 	enc_kde = nan_crypto_encrypt_key_data(kde_buf, ndp_sec->ptk.kek,
 					      ndp_sec->ptk.kek_len);
 	if (!enc_kde) {
-- 
2.53.0

More information about the Hostap mailing list