[PATCH 00/20] Add IEEE 802.11bn Security Profile support

Andrei Otcheretianski andrei.otcheretianski at intel.com
Wed Jun 10 06:11:53 PDT 2026 

This series adds support for the IEEE 802.11bn Security Profile element
to both hostapd and wpa_supplicant as defined in section 37.32 of Draft
IEEE802.11bn/D1.4
Add testing coverage for Security Profile flows across SAE, OWE, EPPKE,
and IEEE 802.1X authentication.

Ilan Peer (20):
  common: Add IEEE 802.11bn Security Profile element definitions
  common: Parse Security Profile element
  AP: Fix heap-buffer-overflow when printing STA identity
  AP: Correctly set WLAN_RSNX_CAPAB_KEK_IN_PASN
  AP: Advertise IEEE 802.11bn Security Profile element
  AP: Reject first Authentication frame with mismatched security profile
  AP: Reject (Re)Association Request with mismatched security profile
  AP: Add Security Profile element to (Re)Association Response
  AP: Include Security Profile element in 4-way handshake message 3
  wpa_supplicant: Store AP Security Profile element
  wpa_supplicant: Match advertised security profiles in BSS selection
  wpa_supplicant: Include Security profile element in auth/assoc
  wpa_supplicant: Prefer matching Security Profile in RSN selection
  WPA: Verify Security Profile element in protected delivery
  wpa_supplicant: Fix KEK_IN_PASN RSNXE advertisement
  wpa_supplicant: Fix EAP over Auth frame RSNXE advertisement
  tests: Extended EPPKE with caching to use random MAC addresses
  tests: Add EPPKE testing coverage for security profile flows
  tests: Add Security profile tests for profiles 8 and 9.
  tests: IEEE802.1X with security profiles

 hostapd/config_file.c              |   2 +
 hostapd/hostapd.conf               |   6 +
 src/ap/ap_config.c                 |   1 +
 src/ap/ap_config.h                 |   7 +
 src/ap/beacon.c                    |  28 ++
 src/ap/ieee802_11.c                | 100 ++++++-
 src/ap/ieee802_11.h                |   2 +
 src/ap/ieee802_11_shared.c         |  27 +-
 src/ap/ieee802_1x.c                |  23 +-
 src/ap/sta_info.h                  |   2 +
 src/ap/wpa_auth.c                  |  31 +++
 src/ap/wpa_auth.h                  |  12 +
 src/ap/wpa_auth_glue.c             |   1 +
 src/ap/wpa_auth_ie.c               | 311 ++++++++++++++++++++-
 src/common/ieee802_11_common.c     |   6 +
 src/common/ieee802_11_common.h     |   2 +
 src/common/ieee802_11_defs.h       |  59 ++++
 src/common/wpa_common.c            |  74 +++++
 src/common/wpa_common.h            |  37 +++
 src/pasn/pasn_common.c             |   6 +-
 src/rsn_supp/wpa.c                 | 198 +++++++++++++-
 src/rsn_supp/wpa.h                 |  23 +-
 src/rsn_supp/wpa_i.h               |   4 +
 src/rsn_supp/wpa_ie.c              |   5 +-
 tests/hwsim/test_eppke.py          | 424 ++++++++++++++++++++++++-----
 tests/hwsim/test_ieee8021x_auth.py |  63 +++++
 tests/hwsim/test_owe.py            |  23 ++
 tests/hwsim/test_sae.py            |  34 +++
 wpa_supplicant/events.c            | 105 +++++++
 wpa_supplicant/sme.c               |  41 +++
 wpa_supplicant/wpa_supplicant.c    | 259 ++++++++++++++++--
 wpa_supplicant/wpas_glue.c         |   6 +
 32 files changed, 1810 insertions(+), 112 deletions(-)

-- 
2.53.0

More information about the Hostap mailing list