[PATCH 24/97] NAN: Add IGTK KDE to NDP setup messages

Andrei Otcheretianski andrei.otcheretianski at intel.com
Tue Apr 28 13:05:25 PDT 2026 

From: Avraham Stern <avraham.stern at intel.com>

If IGTK is supported by both peers, add the IGTK KDE to NDP
setup M3 and M4 messages. The KDE is put in the key data field
and is encrypted with the KEK.
The local IGTK is randomized and installed when NAN is started.

Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
 src/nan/nan.c         |  52 ++++++++++++++++++
 src/nan/nan_i.h       |   6 +++
 src/nan/nan_pairing.c |   8 ---
 src/nan/nan_sec.c     | 119 +++++++++++++++++++++++++++++++++++++-----
 src/nan/nan_util.c    |   8 +++
 5 files changed, 173 insertions(+), 20 deletions(-)

diff --git a/src/nan/nan.c b/src/nan/nan.c
index 5614a7bd89..6babdf51f1 100644
--- a/src/nan/nan.c
+++ b/src/nan/nan.c
@@ -189,6 +189,43 @@ void nan_deinit(struct nan_data *nan)
 }
 
 
+static int nan_gen_igtk(struct nan_data *nan)
+{
+	u8 tsc[RSN_PN_LEN];
+	enum wpa_alg alg;
+	int cipher;
+
+	if (((nan->cfg->security_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>
+	     NAN_CS_INFO_CAPA_GTK_SUPP_POS) == NAN_CS_INFO_CAPA_GTK_SUPP_NONE)
+		return 0;
+
+	if (nan->cfg->security_capab &
+	    NAN_CS_INFO_CAPA_IGTK_USE_NCS_BIP_GMAC_256) {
+		alg = WPA_ALG_BIP_GMAC_256;
+		cipher = WPA_CIPHER_BIP_GMAC_256;
+	} else {
+		alg = WPA_ALG_BIP_CMAC_128;
+		cipher = WPA_CIPHER_AES_128_CMAC;
+	}
+
+	nan->igtk.igtk_len = wpa_cipher_key_len(cipher);
+	nan->igtk_id = 4;
+	os_get_random(nan->igtk.igtk, nan->igtk.igtk_len);
+	os_memset(tsc, 0, sizeof(tsc));
+	if (nan->cfg->set_group_key(nan->cfg->cb_ctx, alg, broadcast_ether_addr,
+				    nan->igtk_id, tsc, nan->igtk.igtk,
+				    nan->igtk.igtk_len,
+				    KEY_FLAG_GROUP_TX_DEFAULT) < 0) {
+		wpa_printf(MSG_DEBUG, "NAN: Failed to install own IGTK");
+		return -1;
+	}
+
+	wpa_hexdump_key(MSG_DEBUG, "NAN: New own IGTK", nan->igtk.igtk,
+			nan->igtk.igtk_len);
+	return 0;
+}
+
+
 int nan_start(struct nan_data *nan, const struct nan_cluster_config *config)
 {
 	int ret;
@@ -207,6 +244,11 @@ int nan_start(struct nan_data *nan, const struct nan_cluster_config *config)
 	}
 	nan->nan_started = 1;
 
+	if (nan_gen_igtk(nan) < 0) {
+		nan_stop(nan);
+		return -1;
+	}
+
 	return 0;
 }
 
@@ -255,6 +297,16 @@ void nan_stop(struct nan_data *nan)
 		return;
 	}
 
+	if (nan->igtk.igtk_len) {
+		if (nan->cfg->set_group_key(nan->cfg->cb_ctx, WPA_ALG_NONE,
+					    NULL, nan->igtk_id, NULL, NULL,
+					    0, KEY_FLAG_GROUP))
+			wpa_printf(MSG_DEBUG, "NAN: Failed to clear Own IGTK");
+
+		nan->igtk.igtk_len = 0;
+		nan->igtk_id = 0;
+	}
+
 	nan_flush(nan);
 	nan->cfg->stop(nan->cfg->cb_ctx);
 }
diff --git a/src/nan/nan_i.h b/src/nan/nan_i.h
index d01f720be6..5f43d5325e 100644
--- a/src/nan/nan_i.h
+++ b/src/nan/nan_i.h
@@ -561,6 +561,8 @@ struct nan_peer {
  * @nira_tag: Tag for NAN Identity Resolution attribute (NIRA)
  * @initiator_pmksa: PMKSA cache for PASN-PMK authentication as an initiator
  * @responder_pmksa: PMKSA cache for PASN-PMK authentication as a responder
+ * @igtk: IGTK for NAN secure NDP
+ * @igtk_id: Key ID of the IGTK
  */
 struct nan_data {
 	struct nan_config *cfg;
@@ -577,6 +579,9 @@ struct nan_data {
 
 	struct rsn_pmksa_cache *initiator_pmksa;
 	struct rsn_pmksa_cache *responder_pmksa;
+
+	struct wpa_igtk igtk;
+	u8 igtk_id;
 };
 
 struct nan_attrs_entry {
@@ -796,6 +801,7 @@ void nan_parse_peer_dev_capa_ext(struct nan_data *nan, struct nan_peer *peer,
 int nan_configure_peer_schedule(struct nan_data *nan, struct nan_peer *peer,
 				const struct nan_schedule *local_sched);
 bool nan_is_ndpe_supported(struct nan_data *nan, struct nan_peer *peer);
+void nan_add_kde_hdr(struct wpabuf *buf, u32 kde, size_t data_len);
 #ifdef CONFIG_PASN
 int nan_nira_get_tag_nonce(const struct nan_config *nan, u8 *nonce, u8 *tag);
 void nan_pairing_deinit_peer(struct nan_peer *peer);
diff --git a/src/nan/nan_pairing.c b/src/nan/nan_pairing.c
index b5608aaccd..938925eacf 100644
--- a/src/nan/nan_pairing.c
+++ b/src/nan/nan_pairing.c
@@ -651,14 +651,6 @@ static void nan_pairing_done(struct nan_data *nan_data, struct nan_peer *peer)
 }
 
 
-static void nan_add_kde_hdr(struct wpabuf *buf, u32 kde, size_t data_len)
-{
-	wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
-	wpabuf_put_u8(buf, RSN_SELECTOR_LEN + data_len);
-	RSN_SELECTOR_PUT(wpabuf_put(buf, RSN_SELECTOR_LEN), kde);
-}
-
-
 /**
  * nan_nik_build_key_data - Build NAN Identity Key (NIK) key data buffer
  * @nan_data: Pointer to NAN data structure containing configuration
diff --git a/src/nan/nan_sec.c b/src/nan/nan_sec.c
index ae41019c83..07dd47dbae 100644
--- a/src/nan/nan_sec.c
+++ b/src/nan/nan_sec.c
@@ -791,6 +791,85 @@ static int nan_sec_add_m2_attrs(struct nan_data *nan, struct nan_peer *peer,
 }
 
 
+static int nan_sec_igtk_kde(struct nan_data *nan, struct wpabuf *buf)
+{
+	u8 tsc[RSN_PN_LEN];
+
+	if (nan->cfg->get_seqnum(nan->cfg->cb_ctx, nan->igtk_id, tsc) < 0) {
+		wpa_printf(MSG_DEBUG, "NAN: Failed to get IGTK seqnum");
+		return -1;
+	}
+
+	nan_add_kde_hdr(buf, RSN_KEY_DATA_IGTK,
+			WPA_IGTK_KDE_PREFIX_LEN + nan->igtk.igtk_len);
+	wpabuf_put_le16(buf, nan->igtk_id);
+	wpabuf_put_data(buf, tsc, RSN_PN_LEN);
+	wpabuf_put_data(buf, nan->igtk.igtk, nan->igtk.igtk_len);
+	return 0;
+}
+
+
+#define NAN_KDES_MAX_LEN	(KDE_HDR_LEN + sizeof(struct wpa_igtk_kde))
+
+
+static bool nan_sec_igtk_supported(struct nan_ndp_sec *ndp_sec)
+{
+	return ((ndp_sec->i_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>
+		NAN_CS_INFO_CAPA_GTK_SUPP_POS) !=
+		NAN_CS_INFO_CAPA_GTK_SUPP_NONE &&
+	       ((ndp_sec->r_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>
+		NAN_CS_INFO_CAPA_GTK_SUPP_POS) !=
+		NAN_CS_INFO_CAPA_GTK_SUPP_NONE;
+}
+
+
+static int nan_sec_add_kdes(struct nan_data *nan,
+			    struct nan_ndp_sec *ndp_sec,
+			    struct wpabuf *buf)
+{
+	struct wpabuf *kde_buf;
+	struct wpabuf *enc_kde;
+	int ret = -1;
+
+	if (!nan_sec_igtk_supported(ndp_sec)) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: IGTK not supported for this NDP");
+		return 0;
+	}
+
+	if (!ndp_sec->ptk.kek_len) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: SEC: No KEK available to encrypt KDEs");
+		return -1;
+	}
+
+	kde_buf = wpabuf_alloc(NAN_KDES_MAX_LEN);
+	if (!kde_buf) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: SEC: Failed to allocate KDE buffer");
+		return -1;
+	}
+
+	if (nan_sec_igtk_kde(nan, kde_buf) < 0)
+		goto fail;
+
+	enc_kde = nan_crypto_encrypt_key_data(kde_buf, ndp_sec->ptk.kek,
+					      ndp_sec->ptk.kek_len);
+	if (!enc_kde) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: SEC: Failed to encrypt KDEs");
+		goto fail;
+	}
+
+	wpabuf_put_buf(buf, enc_kde);
+	ret = wpabuf_len(enc_kde);
+	wpabuf_free(enc_kde);
+fail:
+	wpabuf_clear_free(kde_buf);
+	return ret;
+}
+
+
 /*
  * nan_sec_add_key_attrs - Add security key attributes to NAN message
  * @nan: NAN module context from nan_init()
@@ -808,7 +887,10 @@ static int nan_sec_add_key_attrs(struct nan_data *nan, struct nan_peer *peer,
 	struct nan_ndp_sec *ndp_sec = &peer->ndp_setup.sec;
 	struct wpa_eapol_key *key;
 	u16 info;
-	size_t key_len = sizeof(struct wpa_eapol_key) + 2;
+	size_t key_len = sizeof(struct wpa_eapol_key);
+	u8 *key_len_pos;
+	int kde_len;
+	u8 *key_data_len_pos;
 
 	if (NAN_CS_IS_128(ndp_sec->i_csid))
 		key_len += NAN_KEY_MIC_LEN;
@@ -819,7 +901,7 @@ static int nan_sec_add_key_attrs(struct nan_data *nan, struct nan_peer *peer,
 
 	/* Shared key descriptor */
 	wpabuf_put_u8(buf, NAN_ATTR_SHARED_KEY_DESCR);
-	wpabuf_put_le16(buf, sizeof(struct nan_shared_key) + key_len);
+	key_len_pos = wpabuf_put(buf, 2);
 	wpabuf_put_u8(buf, instance_id);
 
 	key = (struct wpa_eapol_key *) wpabuf_put(buf, key_len);
@@ -827,24 +909,37 @@ static int nan_sec_add_key_attrs(struct nan_data *nan, struct nan_peer *peer,
 
 	key->type = NAN_KEY_DESC;
 
-	info = WPA_KEY_INFO_TYPE_AKM_DEFINED | WPA_KEY_INFO_KEY_TYPE |
-		WPA_KEY_INFO_MIC | WPA_KEY_INFO_INSTALL | WPA_KEY_INFO_SECURE;
-	if (is_ack)
-		info |= WPA_KEY_INFO_ACK;
-
-	WPA_PUT_BE16(key->key_info, info);
-
 	os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
 
 	/*
-	 * Key length is zero (it can be deduced from the cipher suite).
-	 * No additional data is added.
-	 *
 	 * Copy replay counter. It was already incremented while processing m2
 	 * so no need to increment it again.
 	 */
 	os_memcpy(key->replay_counter, ndp_sec->replaycnt,
 		  sizeof(key->replay_counter));
+
+	/* Add KDEs to the key data and set key length accordingly */
+	key_data_len_pos = wpabuf_put(buf, 2);
+
+	kde_len = nan_sec_add_kdes(nan, ndp_sec, buf);
+	if (kde_len < 0) {
+		wpa_printf(MSG_DEBUG,
+			   "NAN: SEC: Failed to add KDEs to m3");
+		return -1;
+	}
+
+	info = WPA_KEY_INFO_TYPE_AKM_DEFINED | WPA_KEY_INFO_KEY_TYPE |
+	       WPA_KEY_INFO_MIC | WPA_KEY_INFO_INSTALL | WPA_KEY_INFO_SECURE;
+	if (is_ack)
+		info |= WPA_KEY_INFO_ACK;
+	if (kde_len)
+		info |= WPA_KEY_INFO_ENCR_KEY_DATA;
+
+	WPA_PUT_BE16(key->key_info, info);
+
+	WPA_PUT_LE16(key_len_pos,
+		     sizeof(struct nan_shared_key) + key_len + 2 + kde_len);
+	WPA_PUT_BE16(key_data_len_pos, kde_len);
 	return 0;
 }
 
diff --git a/src/nan/nan_util.c b/src/nan/nan_util.c
index c0bd91aae5..c8604dc5ad 100644
--- a/src/nan/nan_util.c
+++ b/src/nan/nan_util.c
@@ -1972,3 +1972,11 @@ bool nan_peer_schedule_intersects(struct nan_data *nan,
 
 	return false;
 }
+
+
+void nan_add_kde_hdr(struct wpabuf *buf, u32 kde, size_t data_len)
+{
+	wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
+	wpabuf_put_u8(buf, RSN_SELECTOR_LEN + data_len);
+	RSN_SELECTOR_PUT(wpabuf_put(buf, RSN_SELECTOR_LEN), kde);
+}
-- 
2.53.0

More information about the Hostap mailing list