[PATCH v2 00/28] 11bi: Add Support for EPPKE Authentication

Ainy Kumari ainy.kumari at oss.qualcomm.com
Tue Jan 6 05:45:10 PST 2026 

Add support for new authentication protocol Enhanced Privacy Protection
Key Exchange (EPPKE) as specified in section 12.16.9 of IEEE P802.11bi/D2.0.

Verified the EPPKE Authentication for MLO as well as Non-MLO cases with the
new hwsim test script test_eppke.py and working fine. All 21 test cases
are passing successfully.
New hwsim test cases covers below scenario:
 1. Initial Connection (MLO and Non-MLO with SAE and SAE-EXT-KEY AKMs)
 2. Initial Connection with SAE-EXT-KEY AKM with different groups
 3. PMKSA Caching Attempt (MLO and Non-MLO with SAE and SAE-EXT-KEY AKMs)
 4. GTK and PTK rekey

Depends-on:
[PATCH wireless-next v2 0/9] wifi: cfg80211/mac80211: Add Support for EPPKE Authentication
[PATCH wireless-next] wifi: mac80211: Fix AAD/Nonce computation for management frames with MLO

---
Changes in v1 --> v2:
 - Resolved reviewer's comments on dependent kernel changes.
 - Removed few patches, no longer required.
---

Ainy Kumari (12):
  Sync nl80211_copy.h with wireless-next linux/nl80211.h
  11bi: Rename FILS nonce element and related constants to generic
    'nonce'
  PASN: Extend RSNXE capability field to 32 bits
  EPPKE: Add wiphy capability flag for EPPKE authentication
  wpa_supplicant: Add CONFIG_ENC_ASSOC for association frame encryption
    support
  EPPKE: Add EPPKE support to PASN PTK derivation per IEEE
    P802.11bi/D2.0
  EPPKE: Add support for EPPKE authentication for SME-in-Userspace case
  EPPKE: Add Multi-Link support in Authentication frames
  PASN: Add support for MIC computation for M3 frame for
    SME-in-Userspace
  EPPKE: Update RSNE construction and validation per IEEE P802.11bi/D2.0
  EPPKE: Skip 4-Way handshake and authorize supplicant port on
    association
  EPPKE: Retrieve KCK/KEK from PTKSA and install group keys for GTK
    rekey

Kavita Kavita (3):
  sme: Add support to install temporal key for EPPKE Authentication
    Protocol
  Add support for temporal key removal on association failure
  tests: Enable CONFIG_ENC_ASSOC for hwsim wpa_supplicant

Sai Pratyusha Magam (13):
  11bi: Add wiphy capability flag for (Re)Association frame encryption
    support
  11bi: Enhanced Privacy Protection (EPP) related definitions
  11bi: Configuration options to control EPP feature support in AP mode
  11bi: RSNE/RSNXE capability Extensions in AP mode
  PASN: Modify PASN Authentication frame header APIs based on auth_algo
  EPPKE: Extend existing PASN APIs for EPPKE Authentication
  EPPKE: PTK/MIC Computation and key installation changes in Responder
    mode
  EPPKE: EPP peer indication to driver
  EPPKE: EPP capabilities negotiation indication
  EPPKE: RSNE/Key delivery element in (Re)Association Response
  EPPKE: Skip 4WH and move PTK state directly to PTKINITDONE
  tests: Enable CONFIG_ENC_ASSOC for hwsim hostapd
  tests: Add EPPKE authentication test cases

 hostapd/Makefile                          |   5 +
 hostapd/config_file.c                     |  12 +
 hostapd/defconfig                         |   3 +
 hostapd/hostapd.conf                      |  23 +
 src/ap/ap_config.c                        |   5 +
 src/ap/ap_config.h                        |   5 +
 src/ap/ap_drv_ops.c                       |   7 +-
 src/ap/ap_drv_ops.h                       |   2 +-
 src/ap/ap_mlme.c                          |   6 +-
 src/ap/ieee802_11.c                       | 173 ++++--
 src/ap/ieee802_11_eht.c                   |   1 +
 src/ap/ieee802_11_shared.c                |  16 +
 src/ap/sta_info.c                         |   8 +-
 src/ap/sta_info.h                         |   6 +-
 src/ap/wpa_auth.c                         | 126 ++++-
 src/ap/wpa_auth.h                         |  18 +-
 src/ap/wpa_auth_glue.c                    |  25 +
 src/ap/wpa_auth_i.h                       |   3 +
 src/ap/wpa_auth_ie.c                      |  26 +-
 src/common/common_module_tests.c          |   2 +-
 src/common/defs.h                         |   7 +
 src/common/ieee802_11_common.c            |  10 +-
 src/common/ieee802_11_common.h            |   2 +-
 src/common/ieee802_11_defs.h              |   9 +-
 src/common/wpa_common.c                   | 186 +++++--
 src/common/wpa_common.h                   |  15 +-
 src/drivers/driver.h                      |  16 +
 src/drivers/driver_atheros.c              |   8 +-
 src/drivers/driver_nl80211.c              |  29 +
 src/drivers/driver_nl80211_capa.c         |   9 +
 src/drivers/nl80211_copy.h                | 355 ++++++++++++-
 src/p2p/p2p.c                             |   3 +-
 src/pasn/pasn_common.c                    |  29 +-
 src/pasn/pasn_common.h                    |  36 +-
 src/pasn/pasn_initiator.c                 | 266 +++++++---
 src/pasn/pasn_responder.c                 | 105 +++-
 src/rsn_supp/wpa.c                        | 199 ++++++-
 src/rsn_supp/wpa.h                        |   8 +
 src/rsn_supp/wpa_i.h                      |   7 +-
 tests/hwsim/example-hostapd.config        |   1 +
 tests/hwsim/example-wpa_supplicant.config |   1 +
 tests/hwsim/test_eppke.py                 | 614 ++++++++++++++++++++++
 wlantest/rx_mgmt.c                        |  14 +-
 wpa_supplicant/Makefile                   |   5 +
 wpa_supplicant/defconfig                  |   3 +
 wpa_supplicant/events.c                   |  54 ++
 wpa_supplicant/pasn_supplicant.c          |   6 +-
 wpa_supplicant/sme.c                      | 242 ++++++++-
 wpa_supplicant/wpa_supplicant.c           |   6 +
 49 files changed, 2449 insertions(+), 268 deletions(-)
 create mode 100644 tests/hwsim/test_eppke.py

base-commit: 3ea5c0df504538f2d12c9f46ad74dfc888d4d99c
-- 
2.25.1

More information about the Hostap mailing list