[PATCH 31/97] NAN: Add an option to set GTK required for a service
Andrei Otcheretianski
andrei.otcheretianski at intel.com
Tue Apr 28 13:05:32 PDT 2026
From: Avraham Stern <avraham.stern at intel.com>
Add an option to indicate that a service requires GTK protection
for group-addressed data frames transmitted and received for
the service. When GTK is required, a cipher suite list with one
of the NCS-GTK-* shall be specified as well.
Signed-off-by: Avraham Stern <avraham.stern at intel.com>
---
src/common/nan_de.c | 5 +++++
src/common/nan_de.h | 12 ++++++++++++
wpa_supplicant/ctrl_iface.c | 26 ++++++++++++++++++++++++++
3 files changed, 43 insertions(+)
diff --git a/src/common/nan_de.c b/src/common/nan_de.c
index 154c7c0a00..0e2fb8a854 100644
--- a/src/common/nan_de.c
+++ b/src/common/nan_de.c
@@ -84,6 +84,7 @@ struct nan_de_service {
u8 srf_bf_idx;
struct wpabuf *srf;
bool close_proximity;
+ bool gtk_required;
/* Bootstrapping methods */
u16 pbm;
@@ -417,6 +418,8 @@ static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
sdea_ctrl |= NAN_SDEA_CTRL_FSD_REQ;
if (srv->publish.fsd_gas)
sdea_ctrl |= NAN_SDEA_CTRL_FSD_GAS;
+ if (srv->gtk_required)
+ sdea_ctrl |= NAN_SDEA_CTRL_GTK_REQ;
}
if (sdea_ctrl || ssi) {
@@ -2122,6 +2125,7 @@ int nan_de_publish(struct nan_de *de, const char *service_name,
srv->is_pr = params->proximity_ranging && params->solicited;
srv->close_proximity = params->close_proximity;
srv->pbm = params->pbm;
+ srv->gtk_required = params->gtk_required;
nan_de_add_srv(de, srv);
nan_de_run_timer(de);
@@ -2399,6 +2403,7 @@ int nan_de_subscribe(struct nan_de *de, const char *service_name,
srv->sync = params->sync;
srv->close_proximity = params->close_proximity;
srv->pbm = params->pbm;
+ srv->gtk_required = params->gtk_required;
nan_de_add_srv(de, srv);
nan_de_run_timer(de);
diff --git a/src/common/nan_de.h b/src/common/nan_de.h
index 7df4de58b6..e376725191 100644
--- a/src/common/nan_de.h
+++ b/src/common/nan_de.h
@@ -166,6 +166,12 @@ struct nan_publish_params {
/* ND-PMK to use for creating a list of PMKIDs for the service */
const u8 *nd_pmk;
+
+ /*
+ * GTK protection required for group-addressed data frames transmitted
+ * and received for the service
+ */
+ bool gtk_required;
};
/* Returns -1 on failure or >0 publish_id */
@@ -237,6 +243,12 @@ struct nan_subscribe_params {
* Table 128
*/
u16 pbm;
+
+ /*
+ * GTK protection required for group-addressed data frames transmitted
+ * and received for the service
+ */
+ bool gtk_required;
};
/* Returns -1 on failure or >0 subscribe_id */
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 1096fa228d..1ff295922f 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -12767,6 +12767,20 @@ static int wpas_ctrl_ml_probe(struct wpa_supplicant *wpa_s, char *cmd)
#if defined(CONFIG_NAN) || defined(CONFIG_NAN_USD)
+static bool wpas_nan_gtk_cs_supported(const int *cipher_list)
+{
+ size_t i;
+
+ for (i = 0; cipher_list && cipher_list[i]; i++) {
+ if (cipher_list[i] == NAN_CS_GTK_CCMP_128 ||
+ cipher_list[i] == NAN_CS_GTK_GCMP_256)
+ return true;
+ }
+
+ return false;
+}
+
+
static int wpas_ctrl_nan_publish(struct wpa_supplicant *wpa_s, char *cmd,
char *buf, size_t buflen)
{
@@ -12922,11 +12936,23 @@ static int wpas_ctrl_nan_publish(struct wpa_supplicant *wpa_s, char *cmd,
continue;
}
+ if (os_strcmp(token, "gtk_required=1") == 0) {
+ params.gtk_required = true;
+ continue;
+ }
+
wpa_printf(MSG_INFO, "CTRL: Invalid NAN_PUBLISH parameter: %s",
token);
goto fail;
}
+ if (params.gtk_required &&
+ !wpas_nan_gtk_cs_supported(params.cipher_suites_list)) {
+ wpa_printf(MSG_INFO,
+ "CTRL: GTK required but no GTK cipher suite configured");
+ goto fail;
+ }
+
publish_id = wpas_nan_publish(wpa_s, service_name, srv_proto_type,
ssi, ¶ms, p2p);
if (publish_id > 0)
--
2.53.0
More information about the Hostap
mailing list