[PATCH v3 44/46] PR: store resolved peer DevIK in pr_device after DIRA match

[Kavita Kavita]

From: Peddolla Harshavardhan Reddy <peddolla.reddy at oss.qualcomm.com>

Currently when pr_validate_dira() successfully matches a peer's DIRA
tag, the matched DevIK is not stored on the pr_device. This makes it
impossible to report the resolved peer identity back to the framework
after USD discovery.

To address this issue, add dik[DEVICE_IDENTITY_KEY_LEN] and dik_valid
fields to struct pr_device, following the same pattern as the existing
pmk and password fields. In pr_validate_dira(), reset dik and dik_valid
at entry so stale state from a previous match is never visible, then
copy dev_ik->dik and set dik_valid=true only when the DIRA tag
comparison succeeds. In pr_clear_dev_iks(), clear dik and dik_valid
alongside password to prevent dangling state after the dev_iks list
is freed.

Signed-off-by: Peddolla Harshavardhan Reddy <peddolla.reddy at oss.qualcomm.com>
---
 src/common/proximity_ranging.c | 8 ++++++++
 src/common/proximity_ranging.h | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/src/common/proximity_ranging.c b/src/common/proximity_ranging.c
index 72f70597d..365c828a0 100644
--- a/src/common/proximity_ranging.c
+++ b/src/common/proximity_ranging.c
@@ -182,6 +182,8 @@ void pr_clear_dev_iks(struct pr_data *pr)
 	dl_list_for_each(dev, &pr->devices, struct pr_device, list) {
 		dev->password_valid = false;
 		os_memset(dev->password, 0, sizeof(dev->password));
+		dev->dik_valid = false;
+		os_memset(dev->dik, 0, DEVICE_IDENTITY_KEY_LEN);
 	}
 
 	pr_deinit_dev_iks(pr);
@@ -452,6 +454,10 @@ static int pr_validate_dira(struct pr_data *pr, struct pr_device *dev,
 	const char *label = "DIR";
 	const u8 *dira_nonce, *dira_tag;
 
+	/* Reset DevIK state — set only if DIRA verification succeeds */
+	os_memset(dev->dik, 0, DEVICE_IDENTITY_KEY_LEN);
+	dev->dik_valid = false;
+
 	if (dira_len < 1 + DEVICE_IDENTITY_NONCE_LEN + DEVICE_IDENTITY_TAG_LEN)
 	{
 		wpa_printf(MSG_DEBUG, "PR: Truncated DIRA (length %u)",
@@ -503,6 +509,8 @@ static int pr_validate_dira(struct pr_data *pr, struct pr_device *dev,
 				dev->pmk_len = dev_ik->pmk_len;
 				dev->pmk_valid = true;
 			}
+			os_memcpy(dev->dik, dev_ik->dik, DEVICE_IDENTITY_KEY_LEN);
+			dev->dik_valid = true;
 			return 0;
 		}
 	}
diff --git a/src/common/proximity_ranging.h b/src/common/proximity_ranging.h
index 4b98ca612..771b109af 100644
--- a/src/common/proximity_ranging.h
+++ b/src/common/proximity_ranging.h
@@ -409,6 +409,13 @@ struct pr_device {
 	size_t pmk_len;
 	bool pmk_valid;
 
+	/* DevIK of the peer resolved via DIRA verification.
+	 * Set to the matched dev_ik->dik when pr_validate_dira() succeeds.
+	 * Cleared by pr_clear_dev_iks().
+	 */
+	u8 dik[DEVICE_IDENTITY_KEY_LEN];
+	bool dik_valid;
+
 #ifdef CONFIG_PASN
 	/* PASN data structure */
 	struct pasn_data *pasn;
-- 
2.34.1