wifi: mac80211: allow cipher change on NAN_DATA interfaces

author Daniel Gabay <daniel.gabay@intel.com>

Fri, 15 May 2026 11:28:06 +0000 (14:28 +0300)

committer Johannes Berg <johannes.berg@intel.com>

Wed, 20 May 2026 10:03:38 +0000 (12:03 +0200)
author Daniel Gabay <daniel.gabay@intel.com>
Fri, 15 May 2026 11:28:06 +0000 (14:28 +0300)
committer Johannes Berg <johannes.berg@intel.com>
Wed, 20 May 2026 10:03:38 +0000 (12:03 +0200)
diff --git a/net/mac80211/key.c b/net/mac80211/key.c

index 3030bd40bca007c6fac2953333c3a3c5d78e488c..f45e792abede57eeaf5e14cb02387aac4fbd7d9e 100644 (file)
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -870,11 +870,16 @@ int ieee80211_key_link(struct ieee80211_key *key,
                 alt_key = wiphy_dereference(sdata->local->hw.wiphy,
                                             sta->ptk[idx ^ 1]);
  
-               /* The rekey code assumes that the old and new key are using
+               /*
+                * The rekey code assumes that the old and new key are using
                  * the same cipher. Enforce the assumption for pairwise keys.
+                * NAN Data interfaces are exempt: Wi-Fi Aware v4.0 section 7.4
+                * requires upgrading the ND-TKSA when a new NDP negotiates a
+                * stronger cipher suite.
                  */
-               if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
-                   (old_key && old_key->conf.cipher != key->conf.cipher)) {
+               if (sdata->vif.type != NL80211_IFTYPE_NAN_DATA &&
+                   ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
+                    (old_key && old_key->conf.cipher != key->conf.cipher))) {
                         ret = -EOPNOTSUPP;
                         goto out;
                 }
author	Daniel Gabay <daniel.gabay@intel.com>
	Fri, 15 May 2026 11:28:06 +0000 (14:28 +0300)
committer	Johannes Berg <johannes.berg@intel.com>
	Wed, 20 May 2026 10:03:38 +0000 (12:03 +0200)