[PATCH 32/97] NAN: Add GTK data to NDP security parameters

Andrei Otcheretianski andrei.otcheretianski at intel.com
Tue Apr 28 13:05:33 PDT 2026 

From: Avraham Stern <avraham.stern at intel.com>

Add the GTK cipher suite, GTK key ID and the GTK to NDP security
parameters. When GTK cipher suite is set to a valid cipher suite,
a GTK will be required for the NDP.

Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
 src/nan/nan.h     | 15 +++++++++++++++
 src/nan/nan_i.h   |  3 +++
 src/nan/nan_ndp.c |  5 +++++
 3 files changed, 23 insertions(+)

diff --git a/src/nan/nan.h b/src/nan/nan.h
index ead37c53fc..dbcc195857 100644
--- a/src/nan/nan.h
+++ b/src/nan/nan.h
@@ -187,14 +187,29 @@ struct nan_schedule {
 	struct wpabuf *elems;
 };
 
+/**
+ * struct nan_gtk - NAN GTK information
+
+ * @gtk: Group Temporal Key (GTK)
+ * @id: GTK key ID
+ * @csid: GTK Cipher suite ID. See &enum nan_cipher_suite_id
+ */
+struct nan_gtk {
+	struct wpa_gtk gtk;
+	u8 id;
+	u8 csid;
+};
+
 /**
  * struct nan_ndp_sec_params - NAN NDP security parameters
  * @csid: Cipher suite ID
  * @pmk: NAN Pairwise Master Key (PMK)
+ * @gtk: Group Temporal Key (GTK) information
  */
 struct nan_ndp_sec_params {
 	enum nan_cipher_suite_id csid;
 	u8 pmk[PMK_LEN];
+	struct nan_gtk gtk;
 };
 
 /**
diff --git a/src/nan/nan_i.h b/src/nan/nan_i.h
index 84e9508fb8..748120aa25 100644
--- a/src/nan/nan_i.h
+++ b/src/nan/nan_i.h
@@ -65,6 +65,7 @@ struct nan_ptk {
  * @auth_token: Authentication token
  * @pmk: PMK used for the secure NDP establishment
  * @ptk: Derived PTK
+ * @local_gtk: Group Temporal Key information of the local NDI
  */
 struct nan_ndp_sec {
 	bool present;
@@ -91,6 +92,8 @@ struct nan_ndp_sec {
 	u8 pmk[PMK_LEN];
 
 	struct nan_ptk ptk;
+
+	struct nan_gtk local_gtk;
 };
 
 /*
diff --git a/src/nan/nan_ndp.c b/src/nan/nan_ndp.c
index 5a95005d21..9ab2cee65e 100644
--- a/src/nan/nan_ndp.c
+++ b/src/nan/nan_ndp.c
@@ -145,6 +145,9 @@ int nan_ndp_setup_req(struct nan_data *nan, struct nan_peer *peer,
 
 		peer->ndp_setup.sec.i_instance_id =
 			peer->ndp_setup.publish_inst_id;
+
+		os_memcpy(&peer->ndp_setup.sec.local_gtk, &params->sec.gtk,
+			  sizeof(peer->ndp_setup.sec.local_gtk));
 	}
 
 	if (params->interface_id) {
@@ -229,6 +232,8 @@ int nan_ndp_setup_resp(struct nan_data *nan, struct nan_peer *peer,
 			peer->ndp_setup.sec.r_csid = params->sec.csid;
 			os_memcpy(peer->ndp_setup.sec.pmk, params->sec.pmk,
 				  PMK_LEN);
+			os_memcpy(&peer->ndp_setup.sec.local_gtk, &params->sec.gtk,
+				  sizeof(peer->ndp_setup.sec.local_gtk));
 
 			ret = nan_sec_init_resp(nan, peer);
 			if (ret) {
-- 
2.53.0

More information about the Hostap mailing list