[RFC PATCH 10/23] PR: Use set_key to configure secure ranging context for PASN
Peddolla Harshavardhan Reddy
peddolla.reddy at oss.qualcomm.com
Tue Mar 31 22:48:48 PDT 2026
The PR PASN implementation uses wpa_drv_set_secure_ranging_ctx()
to install and clear the pairwise key and LTF keyseed after PASN
authentication. Replace this with the standard set_key driver
operation by extending wpa_driver_set_key_params with ltf_keyseed
and ltf_keyseed_len fields and adding NL80211_KEY_LTF_SEED support
to the nl80211 set_key implementation.
Signed-off-by: Peddolla Harshavardhan Reddy <peddolla.reddy at oss.qualcomm.com>
---
src/drivers/driver.h | 15 +++++++++++++
src/drivers/driver_nl80211.c | 10 +++++++++
wpa_supplicant/pr_supplicant.c | 40 +++++++++++++++++++++++++++++-----
3 files changed, 59 insertions(+), 6 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 2fd8e896a..79e3230da 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -2094,6 +2094,21 @@ struct wpa_driver_set_key_params {
*
* Set to a valid Link ID (0-14) when applicable, otherwise -1. */
int link_id;
+
+ /**
+ * ltf_keyseed_len - Length of the LTF keyseed in octets.
+ *
+ * Set to 0 if no LTF keyseed is provided.
+ */
+ u8 ltf_keyseed_len;
+
+ /**
+ * ltf_keyseed - LTF keyseed for secure ranging (802.11az).
+ *
+ * Used to configure the secure LTF key seed for a peer measurement
+ * session. Set to NULL if not applicable.
+ */
+ const u8 *ltf_keyseed;
};
enum wpa_driver_if_type {
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 2e7e5ee3e..8acf0243d 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -3994,6 +3994,16 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ",
seq, seq_len);
}
+
+ if (params->ltf_keyseed_len && params->ltf_keyseed) {
+ if (nla_put(key_msg, NL80211_KEY_LTF_SEED,
+ params->ltf_keyseed_len,
+ params->ltf_keyseed))
+ goto fail;
+ wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_LTF_SEED",
+ params->ltf_keyseed,
+ params->ltf_keyseed_len);
+ }
}
if (addr && !is_broadcast_ether_addr(addr)) {
diff --git a/wpa_supplicant/pr_supplicant.c b/wpa_supplicant/pr_supplicant.c
index aa21ff9d2..fef1e278b 100644
--- a/wpa_supplicant/pr_supplicant.c
+++ b/wpa_supplicant/pr_supplicant.c
@@ -296,13 +296,29 @@ static void wpas_pr_pasn_set_keys(void *ctx, const u8 *own_addr,
struct wpa_ptk *ptk)
{
struct wpa_supplicant *wpa_s = ctx;
+ struct wpa_driver_set_key_params params;
wpa_printf(MSG_DEBUG, "PR PASN: Set secure ranging context for " MACSTR,
MAC2STR(peer_addr));
- wpa_drv_set_secure_ranging_ctx(wpa_s, own_addr, peer_addr, cipher,
- ptk->tk_len, ptk->tk,
- ptk->ltf_keyseed_len,
- ptk->ltf_keyseed, 0);
+
+ if (!wpa_s->driver->set_key)
+ return;
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.ifname = wpa_s->ifname;
+ params.alg = wpa_cipher_to_alg(cipher);
+ params.addr = peer_addr;
+ params.key_idx = 0;
+ params.set_tx = 1;
+ params.key = ptk->tk;
+ params.key_len = ptk->tk_len;
+ params.key_flag = KEY_FLAG_PAIRWISE_RX_TX;
+ params.link_id = -1;
+ params.ltf_keyseed = ptk->ltf_keyseed;
+ params.ltf_keyseed_len = ptk->ltf_keyseed_len;
+
+ if (wpa_s->driver->set_key(wpa_s->drv_priv, ¶ms) < 0)
+ wpa_printf(MSG_ERROR, "nl80211: Failed to set PTK for PASN");
}
@@ -310,11 +326,23 @@ static void wpas_pr_pasn_clear_keys(void *ctx, const u8 *own_addr,
const u8 *peer_addr)
{
struct wpa_supplicant *wpa_s = ctx;
+ struct wpa_driver_set_key_params params;
wpa_printf(MSG_DEBUG, "PR PASN: Clear secure ranging context for "
MACSTR, MAC2STR(peer_addr));
- wpa_drv_set_secure_ranging_ctx(wpa_s, own_addr, peer_addr, 0, 0, NULL,
- 0, NULL, 1);
+
+ if (!wpa_s->driver->set_key)
+ return;
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.ifname = wpa_s->ifname;
+ params.alg = WPA_ALG_NONE;
+ params.addr = peer_addr;
+ params.key_idx = 0;
+ params.link_id = -1;
+
+ if (wpa_s->driver->set_key(wpa_s->drv_priv, ¶ms) < 0)
+ wpa_printf(MSG_ERROR, "nl80211: Failed to clear PTK for PASN");
}
--
2.34.1
More information about the Hostap
mailing list