OSEN: Remove all OSEN functionality

Passpoint spec v3.4 removed all OSU functionality, including OSEN. In
practice, this means that there is not going to any deployment or use of
the OSEN functionality in the future and as such, there is no need to
maintain this implementation.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 937383c5425b9bdd0801b7ef7b4d22655cebedab..bc8e90e32703bcd7454e9e395fb554222c9e0417 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -713,10 +713,6 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
                else if (os_strcmp(start, "DPP") == 0)
                        val |= WPA_KEY_MGMT_DPP;
 #endif /* CONFIG_DPP */
-#ifdef CONFIG_HS20
-               else if (os_strcmp(start, "OSEN") == 0)
-                       val |= WPA_KEY_MGMT_OSEN;
-#endif /* CONFIG_HS20 */
 #ifdef CONFIG_PASN
                else if (os_strcmp(start, "PASN") == 0)
                        val |= WPA_KEY_MGMT_PASN;
@@ -4385,8 +4381,6 @@ static int hostapd_config_fill(struct hostapd_config *conf,
                bss->disable_dgaf = atoi(pos);
        } else if (os_strcmp(buf, "na_mcast_to_ucast") == 0) {
                bss->na_mcast_to_ucast = atoi(pos);
-       } else if (os_strcmp(buf, "osen") == 0) {
-               bss->osen = atoi(pos);
        } else if (os_strcmp(buf, "anqp_domain_id") == 0) {
                bss->anqp_domain_id = atoi(pos);
        } else if (os_strcmp(buf, "hs20_deauth_req_timeout") == 0) {

diff --git a/hostapd/eap_register.c b/hostapd/eap_register.c
index 3e870c7f06701fa4741e3f06299472636dfab19c..8bb25f2345a35e45a1ef2f92e7280c6564984540 100644 (file)
--- a/hostapd/eap_register.c
+++ b/hostapd/eap_register.c
@@ -44,13 +44,6 @@ int eap_server_register_methods(void)
                ret = eap_server_unauth_tls_register();
 #endif /* EAP_SERVER_TLS */
 
-#ifdef EAP_SERVER_TLS
-#ifdef CONFIG_HS20
-       if (ret == 0)
-               ret = eap_server_wfa_unauth_tls_register();
-#endif /* CONFIG_HS20 */
-#endif /* EAP_SERVER_TLS */
-
 #ifdef EAP_SERVER_MSCHAPV2
        if (ret == 0)
                ret = eap_server_mschapv2_register();

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 95e9a94ecbc41afa7247019d0b66e4dfdc5ba665..25bb3cb8237330e172af0e1b7683519eadfc52bd 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1881,7 +1881,6 @@ own_ip_addr=127.0.0.1
 # FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384
 # OWE = Opportunistic Wireless Encryption (a.k.a. Enhanced Open)
 # DPP = Device Provisioning Protocol
-# OSEN = Hotspot 2.0 online signup with encryption
 # (dot11RSNAConfigAuthenticationSuitesTable)
 #wpa_key_mgmt=WPA-PSK WPA-EAP
 
@@ -3077,9 +3076,6 @@ own_ip_addr=127.0.0.1
 # forging such frames to other stations in the BSS.
 #disable_dgaf=1
 
-# OSU Server-Only Authenticated L2 Encryption Network
-#osen=1
-
 # ANQP Domain ID (0..65535)
 # An identifier for a set of APs in an ESS that share the same common ANQP
 # information. 0 = Some of the ANQP information is unique to this AP (default).

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 40243f160318f2bd231f9ea369a388122ee1d697..71d8d0494a29cfd86c23e85ea8e51ef86d489d0c 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -1701,11 +1701,6 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
                if (full_config)
                        bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
 #endif /* CONFIG_WEP */
-       } else if (bss->osen) {
-               bss->ssid.security_policy = SECURITY_OSEN;
-               bss->wpa_group = WPA_CIPHER_CCMP;
-               bss->wpa_pairwise = 0;
-               bss->rsn_pairwise = WPA_CIPHER_CCMP;
        } else {
                bss->ssid.security_policy = SECURITY_PLAINTEXT;
                if (full_config) {

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index bac874ebbe4afdfd9fb6e9f6ad2f35f9832e0597..0b13595e9b825019dd81cd10bc8f80d191d8cce5 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -93,7 +93,6 @@ typedef enum hostap_security_policy {
        SECURITY_IEEE_802_1X = 2,
        SECURITY_WPA_PSK = 3,
        SECURITY_WPA = 4,
-       SECURITY_OSEN = 5
 } secpolicy;
 
 struct hostapd_ssid {
@@ -624,7 +623,6 @@ struct hostapd_bss_config {
        u8 qos_map_set[16 + 2 * 21];
        unsigned int qos_map_set_len;
 
-       int osen;
        int proxy_arp;
        int na_mcast_to_ucast;
 

diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
index 8e9c41e41d247c46b3d350e71055790949beb831..d342132dbcc91fed18dd571a24bfdbf7d41b879b 100644 (file)
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -185,11 +185,6 @@ int hostapd_build_ap_extra_ies(struct hostapd_data *hapd,
        if (add_buf_data(&beacon, buf, pos - buf) < 0 ||
            add_buf_data(&proberesp, buf, pos - buf) < 0)
                goto fail;
-
-       pos = hostapd_eid_osen(hapd, buf);
-       if (add_buf_data(&beacon, buf, pos - buf) < 0 ||
-           add_buf_data(&proberesp, buf, pos - buf) < 0)
-               goto fail;
 #endif /* CONFIG_HS20 */
 
 #ifdef CONFIG_MBO

diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 71f7bc3c7a6ebe6a4c91e4cdc9d5391bc720d46d..3e48e57ac5dce34244d02f116e0168235531fcea 100644 (file)
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -403,19 +403,6 @@ static u8 * hostapd_get_wpa_ie(struct hostapd_data *hapd, u8 *pos, size_t len)
 }
 
 
-static u8 * hostapd_get_osen_ie(struct hostapd_data *hapd, u8 *pos, size_t len)
-{
-       const u8 *ie;
-
-       ie = hostapd_vendor_wpa_ie(hapd, OSEN_IE_VENDOR_TYPE);
-       if (!ie || 2U + ie[1] > len)
-               return pos;
-
-       os_memcpy(pos, ie, 2 + ie[1]);
-       return pos + 2 + ie[1];
-}
-
-
 static u8 * hostapd_get_rsne_override(struct hostapd_data *hapd, u8 *pos,
                                      size_t len)
 {
@@ -955,9 +942,8 @@ static u8 * hostapd_probe_resp_fill_elems(struct hostapd_data *hapd,
                pos = hostapd_eid_vendor_vht(hapd, pos);
 #endif /* CONFIG_IEEE80211AC */
 
-       /* WPA / OSEN */
+       /* WPA */
        pos = hostapd_get_wpa_ie(hapd, pos, epos - pos);
-       pos = hostapd_get_osen_ie(hapd, pos, epos - pos);
 
        /* Wi-Fi Alliance WMM */
        pos = hostapd_eid_wmm(hapd, pos);
@@ -2423,9 +2409,8 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
                tailpos = hostapd_eid_vendor_vht(hapd, tailpos);
 #endif /* CONFIG_IEEE80211AC */
 
-       /* WPA / OSEN */
+       /* WPA */
        tailpos = hostapd_get_wpa_ie(hapd, tailpos, tailend - tailpos);
-       tailpos = hostapd_get_osen_ie(hapd, tailpos, tailend - tailpos);
 
        /* Wi-Fi Alliance WMM */
        tailpos = hostapd_eid_wmm(hapd, tailpos);
@@ -2597,10 +2582,6 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
 #endif /* CONFIG_P2P */
 #ifdef CONFIG_HS20
        params->disable_dgaf = hapd->conf->disable_dgaf;
-       if (hapd->conf->osen) {
-               params->privacy = 1;
-               params->osen = 1;
-       }
 #endif /* CONFIG_HS20 */
        params->multicast_to_unicast = hapd->conf->multicast_to_unicast;
        params->pbss = hapd->conf->pbss;

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index d781cca3d9076ce2676a0c7e31c51cfbe010d8b6..bd2157805e676cb8d699e867ab74a003ee74aefd 100644 (file)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -366,12 +366,6 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
                ie = elems.wpa_ie - 2;
                ielen = elems.wpa_ie_len + 2;
                wpa_printf(MSG_DEBUG, "STA included WPA IE in (Re)AssocReq");
-#ifdef CONFIG_HS20
-       } else if (elems.osen) {
-               ie = elems.osen - 2;
-               ielen = elems.osen_len + 2;
-               wpa_printf(MSG_DEBUG, "STA included OSEN IE in (Re)AssocReq");
-#endif /* CONFIG_HS20 */
        } else {
                ie = NULL;
                ielen = 0;
@@ -718,29 +712,6 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
                        sta->flags |= WLAN_STA_MAYBE_WPS;
                wpabuf_free(wps);
 #endif /* CONFIG_WPS */
-#ifdef CONFIG_HS20
-       } else if (hapd->conf->osen) {
-               if (elems.osen == NULL) {
-                       hostapd_logger(
-                               hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
-                               HOSTAPD_LEVEL_INFO,
-                               "No HS 2.0 OSEN element in association request");
-                       return WLAN_STATUS_INVALID_IE;
-               }
-
-               wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
-               if (sta->wpa_sm == NULL)
-                       sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
-                                                       sta->addr, NULL);
-               if (sta->wpa_sm == NULL) {
-                       wpa_printf(MSG_WARNING,
-                                  "Failed to initialize WPA state machine");
-                       return WLAN_STATUS_UNSPECIFIED_FAILURE;
-               }
-               if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
-                                     elems.osen - 2, elems.osen_len + 2) < 0)
-                       return WLAN_STATUS_INVALID_IE;
-#endif /* CONFIG_HS20 */
        }
 #ifdef CONFIG_WPS
 skip_wpa_check:

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 1907a6b623e9e23940fae5847957f6e435d90490..2e23239e5773ff87c2a719e5a38945d507d69b37 100644 (file)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -162,7 +162,7 @@ static void hostapd_reload_bss(struct hostapd_data *hapd)
        else
                hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
 
-       if ((hapd->conf->wpa || hapd->conf->osen) && hapd->wpa_auth == NULL) {
+       if (hapd->conf->wpa && hapd->wpa_auth == NULL) {
                hostapd_setup_wpa(hapd);
                if (hapd->wpa_auth)
                        wpa_init_keys(hapd->wpa_auth);
@@ -1671,7 +1671,7 @@ setup_mld:
                return -1;
        }
 
-       if ((conf->wpa || conf->osen) && hostapd_setup_wpa(hapd))
+       if (conf->wpa && hostapd_setup_wpa(hapd))
                return -1;
 
        if (accounting_init(hapd)) {
@@ -4133,7 +4133,7 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
        /* Start accounting here, if IEEE 802.1X and WPA are not used.
         * IEEE 802.1X/WPA code will start accounting after the station has
         * been authorized. */
-       if (!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen) {
+       if (!hapd->conf->ieee802_1x && !hapd->conf->wpa) {
                if (ap_sta_set_authorized(hapd, sta, 1)) {
                        /* Update driver authorized flag for the STA to cover
                         * the case where AP SME is in the driver and there is

diff --git a/src/ap/hs20.c b/src/ap/hs20.c
index 05e9b9d20fd7502bae4187254cbac38542b73f60..83af4d32bff8d1118efd911b0ef104be5ae8dbe8 100644 (file)
--- a/src/ap/hs20.c
+++ b/src/ap/hs20.c
@@ -44,62 +44,6 @@ u8 * hostapd_eid_hs20_indication(struct hostapd_data *hapd, u8 *eid)
 }
 
 
-u8 * hostapd_eid_osen(struct hostapd_data *hapd, u8 *eid)
-{
-       u8 *len;
-       u16 capab;
-
-       if (!hapd->conf->osen)
-               return eid;
-
-       *eid++ = WLAN_EID_VENDOR_SPECIFIC;
-       len = eid++; /* to be filled */
-       WPA_PUT_BE24(eid, OUI_WFA);
-       eid += 3;
-       *eid++ = HS20_OSEN_OUI_TYPE;
-
-       /* Group Data Cipher Suite */
-       RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
-       eid += RSN_SELECTOR_LEN;
-
-       /* Pairwise Cipher Suite Count and List */
-       WPA_PUT_LE16(eid, 1);
-       eid += 2;
-       RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
-       eid += RSN_SELECTOR_LEN;
-
-       /* AKM Suite Count and List */
-       WPA_PUT_LE16(eid, 1);
-       eid += 2;
-       RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
-       eid += RSN_SELECTOR_LEN;
-
-       /* RSN Capabilities */
-       capab = 0;
-       if (hapd->conf->wmm_enabled) {
-               /* 4 PTKSA replay counters when using WMM */
-               capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
-       }
-       if (hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
-               capab |= WPA_CAPABILITY_MFPC;
-               if (hapd->conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
-                       capab |= WPA_CAPABILITY_MFPR;
-       }
-#ifdef CONFIG_OCV
-       if (hapd->conf->ocv &&
-           (hapd->iface->drv_flags2 &
-            (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV)))
-               capab |= WPA_CAPABILITY_OCVC;
-#endif /* CONFIG_OCV */
-       WPA_PUT_LE16(eid, capab);
-       eid += 2;
-
-       *len = eid - len - 1;
-
-       return eid;
-}
-
-
 int hs20_send_wnm_notification(struct hostapd_data *hapd, const u8 *addr,
                               u8 osu_method, const char *url)
 {

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 6e1f119240ae3d099c74946d8a43fe753aabf374..64b5b6bbfc17289018e83e4fd3cd865b4f44a6bf 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -249,11 +249,6 @@ u16 hostapd_own_capab_info(struct hostapd_data *hapd)
        if (hapd->conf->wpa)
                privacy = 1;
 
-#ifdef CONFIG_HS20
-       if (hapd->conf->osen)
-               privacy = 1;
-#endif /* CONFIG_HS20 */
-
        if (privacy)
                capab |= WLAN_CAPABILITY_PRIVACY;
 
@@ -4551,29 +4546,6 @@ static int __check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
                        ieee802_11_rsnx_capab_len(
                                elems->rsnxe, elems->rsnxe_len,
                                WLAN_RSNX_CAPAB_SSID_PROTECTION));
-#ifdef CONFIG_HS20
-       } else if (hapd->conf->osen) {
-               if (!elems->osen) {
-                       hostapd_logger(
-                               hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
-                               HOSTAPD_LEVEL_INFO,
-                               "No HS 2.0 OSEN element in association request");
-                       return WLAN_STATUS_INVALID_IE;
-               }
-
-               wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
-               if (sta->wpa_sm == NULL)
-                       sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
-                                                       sta->addr, NULL);
-               if (sta->wpa_sm == NULL) {
-                       wpa_printf(MSG_WARNING, "Failed to initialize WPA "
-                                  "state machine");
-                       return WLAN_STATUS_UNSPECIFIED_FAILURE;
-               }
-               if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
-                                     elems->osen - 2, elems->osen_len + 2) < 0)
-                       return WLAN_STATUS_INVALID_IE;
-#endif /* CONFIG_HS20 */
        } else
                wpa_auth_sta_no_wpa(sta->wpa_sm);
 
@@ -6953,8 +6925,7 @@ static void handle_assoc_cb(struct hostapd_data *hapd,
                new_assoc = 0;
        sta->flags |= WLAN_STA_ASSOC;
        sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
-       if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
-            !hapd->conf->osen) ||
+       if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa) ||
            sta->auth_alg == WLAN_AUTH_FILS_SK ||
            sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
            sta->auth_alg == WLAN_AUTH_FILS_PK ||

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index e8d21ff7ac0b7293234c07ff792aafff76b76fb1..1da1d23211bffc6037cc2e1e7f38087b46536233 100644 (file)
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -451,8 +451,7 @@ static int add_common_radius_sta_attr_rsn(struct hostapd_data *hapd,
                return -1;
        }
 
-       suite = wpa_cipher_to_suite(((hapd->conf->wpa & 0x2) ||
-                                    hapd->conf->osen) ?
+       suite = wpa_cipher_to_suite(((hapd->conf->wpa & 0x2)) ?
                                    WPA_PROTO_RSN : WPA_PROTO_WPA,
                                    hapd->conf->wpa_group);
        if (!hostapd_config_get_radius_attr(req_attr,
@@ -581,7 +580,7 @@ static int add_common_radius_sta_attr(struct hostapd_data *hapd,
        }
 #endif /* CONFIG_IEEE80211R_AP */
 
-       if ((hapd->conf->wpa || hapd->conf->osen) && sta->wpa_sm &&
+       if (hapd->conf->wpa && sta->wpa_sm &&
            add_common_radius_sta_attr_rsn(hapd, req_attr, sta, msg) < 0)
                return -1;
 
@@ -1123,7 +1122,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
        struct rsn_pmksa_cache_entry *pmksa;
        int key_mgmt;
 
-       if (!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen &&
+       if (!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
            !hapd->conf->wps_state)
                return;
 
@@ -1183,7 +1182,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
                return;
        }
 
-       if (!hapd->conf->ieee802_1x && !hapd->conf->osen &&
+       if (!hapd->conf->ieee802_1x &&
            !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) {
                wpa_printf(MSG_DEBUG,
                           "IEEE 802.1X: Ignore EAPOL message - 802.1X not enabled and WPS not used");
@@ -1356,7 +1355,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
        }
 #endif /* CONFIG_WPS */
 
-       if (!force_1x && !hapd->conf->ieee802_1x && !hapd->conf->osen) {
+       if (!force_1x && !hapd->conf->ieee802_1x) {
                wpa_printf(MSG_DEBUG,
                           "IEEE 802.1X: Ignore STA - 802.1X not enabled or forced for WPS");
                /*

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index a7e6ae2b888afab32cc0922d86ba674a9576a110..fdeac6278ac561888c5c5a1fa20be384ca9f89d5 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2784,8 +2784,7 @@ SM_STATE(WPA_PTK, PTKSTART)
        if (sm->wpa == WPA_VERSION_WPA2 &&
            (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) ||
             (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && sm->pmksa) ||
-            wpa_key_mgmt_sae(sm->wpa_key_mgmt)) &&
-           sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
+            wpa_key_mgmt_sae(sm->wpa_key_mgmt))) {
                pmkid = buf;
                kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
                pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
@@ -3432,7 +3431,7 @@ static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm,
        /* GTK KDE */
        gtk = gsm->GTK[gsm->GN - 1];
        gtk_len = gsm->GTK_len;
-       if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+       if (conf->disable_gtk) {
                /*
                 * Provide unique random GTK to each STA to prevent use
                 * of GTK in the BSS.
@@ -3853,9 +3852,6 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
        if (kde.rsn_ie) {
                eapol_key_ie = kde.rsn_ie;
                eapol_key_ie_len = kde.rsn_ie_len;
-       } else if (kde.osen) {
-               eapol_key_ie = kde.osen;
-               eapol_key_ie_len = kde.osen_len;
        } else {
                eapol_key_ie = kde.wpa_ie;
                eapol_key_ie_len = kde.wpa_ie_len;
@@ -4109,7 +4105,7 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
        else
                os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
        os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
-       if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+       if (conf->disable_gtk) {
                /*
                 * Provide unique random IGTK to each STA to prevent use of
                 * IGTK in the BSS.
@@ -4140,14 +4136,6 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
        else
                os_memcpy(bigtk.pn, rsc, sizeof(bigtk.pn));
        os_memcpy(bigtk.bigtk, gsm->BIGTK[gsm->GN_bigtk - 6], len);
-       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
-               /*
-                * Provide unique random BIGTK to each OSEN STA to prevent use
-                * of BIGTK in the BSS.
-                */
-               if (random_get_bytes(bigtk.bigtk, len) < 0)
-                       return pos;
-       }
        pos = wpa_add_kde(pos, RSN_KEY_DATA_BIGTK,
                          (const u8 *) &bigtk, WPA_BIGTK_KDE_PREFIX_LEN + len,
                          NULL, 0);
@@ -4841,8 +4829,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
                secure = 1;
                gtk = gsm->GTK[gsm->GN - 1];
                gtk_len = gsm->GTK_len;
-               if (conf->disable_gtk ||
-                   sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+               if (conf->disable_gtk) {
                        /*
                         * Provide unique random GTK to each STA to prevent use
                         * of GTK in the BSS.
@@ -5397,7 +5384,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
                        "sending 1/2 msg of Group Key Handshake");
 
        gtk = gsm->GTK[gsm->GN - 1];
-       if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+       if (conf->disable_gtk) {
                /*
                 * Provide unique random GTK to each STA to prevent use
                 * of GTK in the BSS.
@@ -5778,7 +5765,7 @@ int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
                return 0;
        pos += 8;
        os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
-       if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+       if (conf->disable_gtk) {
                /*
                 * Provide unique random GTK to each STA to prevent use
                 * of GTK in the BSS.
@@ -5817,7 +5804,7 @@ int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
        pos += 6;
 
        os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
-       if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+       if (conf->disable_gtk) {
                /*
                 * Provide unique random IGTK to each STA to prevent use
                 * of IGTK in the BSS.
@@ -5856,14 +5843,6 @@ int wpa_wnmsleep_bigtk_subelem(struct wpa_state_machine *sm, u8 *pos)
        pos += 6;
 
        os_memcpy(pos, gsm->BIGTK[gsm->GN_bigtk - 6], len);
-       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
-               /*
-                * Provide unique random BIGTK to each STA to prevent use
-                * of BIGTK in the BSS.
-                */
-               if (random_get_bytes(pos, len) < 0)
-                       return 0;
-       }
        pos += len;
 
        wpa_printf(MSG_DEBUG, "WNM: BIGTK Key ID %u in WNM-Sleep Mode exit",

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index de16c314de8eb478d9587f9365b2308663018f0a..d5400a9f77d3a63dc18e5306b1008455a0465115 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2247,8 +2247,7 @@ static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
                pad_len += 8;
        if (pad_len && key_len < sizeof(keybuf)) {
                os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
-               if (conf->disable_gtk ||
-                   sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+               if (conf->disable_gtk) {
                        /*
                         * Provide unique random GTK to each STA to prevent use
                         * of GTK in the BSS.
@@ -2260,7 +2259,7 @@ static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
                keybuf[key_len] = 0xdd;
                key_len += pad_len;
                key = keybuf;
-       } else if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+       } else if (conf->disable_gtk) {
                /*
                 * Provide unique random GTK to each STA to prevent use of GTK
                 * in the BSS.
@@ -2339,7 +2338,7 @@ static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
        pos += 6;
        *pos++ = igtk_len;
        igtk = gsm->IGTK[gsm->GN_igtk - 4];
-       if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+       if (conf->disable_gtk) {
                /*
                 * Provide unique random IGTK to each STA to prevent use of
                 * IGTK in the BSS.
@@ -2372,7 +2371,6 @@ static u8 * wpa_ft_bigtk_subelem(struct wpa_state_machine *sm, size_t *len)
        const u8 *kek, *bigtk;
        size_t kek_len;
        size_t bigtk_len;
-       u8 stub_bigtk[WPA_IGTK_MAX_LEN];
 
        if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
                kek = sm->PTK.kek2;
@@ -2400,17 +2398,6 @@ static u8 * wpa_ft_bigtk_subelem(struct wpa_state_machine *sm, size_t *len)
        pos += 6;
        *pos++ = bigtk_len;
        bigtk = gsm->BIGTK[gsm->GN_bigtk - 6];
-       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
-               /*
-                * Provide unique random BIGTK to each OSEN STA to prevent use
-                * of BIGTK in the BSS.
-                */
-               if (random_get_bytes(stub_bigtk, bigtk_len / 8) < 0) {
-                       os_free(subelem);
-                       return NULL;
-               }
-               bigtk = stub_bigtk;
-       }
        if (aes_wrap(kek, kek_len, bigtk_len / 8, bigtk, pos)) {
                wpa_printf(MSG_DEBUG,
                           "FT: BIGTK subelem encryption failed: kek_len=%d",

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index afd849b7eef08a1ab279f8d1dd3b8725472b3f39..83be41266ff6a0c5429f13f6a42b4e6ff3cfb503 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -110,17 +110,6 @@ static void hostapd_wpa_auth_conf(struct hostapd_iface *iface,
 #endif /* CONFIG_IEEE80211R_AP */
 #ifdef CONFIG_HS20
        wconf->disable_gtk = conf->disable_dgaf;
-       if (conf->osen) {
-               wconf->disable_gtk = 1;
-               wconf->wpa = WPA_PROTO_OSEN;
-               wconf->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
-               wconf->wpa_pairwise = 0;
-               wconf->wpa_group = WPA_CIPHER_CCMP;
-               wconf->rsn_pairwise = WPA_CIPHER_CCMP;
-               wconf->rsn_preauth = 0;
-               wconf->disable_pmksa_caching = 1;
-               wconf->ieee80211w = 1;
-       }
 #endif /* CONFIG_HS20 */
 #ifdef CONFIG_TESTING_OPTIONS
        wconf->corrupt_gtk_rekey_mic_probability =

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 93847fe7a60340f453a6bed0b5f5e9f2ed40838c..4636f7fde4309dbdd273d67038c1f9ff034f7ef2 100644 (file)
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -296,13 +296,6 @@ static u8 * rsne_write_data(u8 *buf, size_t len, u8 *pos, int group,
                num_suites++;
        }
 #endif /* CONFIG_DPP */
-#ifdef CONFIG_HS20
-       if (key_mgmt & WPA_KEY_MGMT_OSEN) {
-               RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
-               pos += RSN_SELECTOR_LEN;
-               num_suites++;
-       }
-#endif /* CONFIG_HS20 */
 #ifdef CONFIG_PASN
        if (key_mgmt & WPA_KEY_MGMT_PASN) {
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PASN);
@@ -581,57 +574,6 @@ static int wpa_write_rsnxe_override(struct wpa_auth_config *conf, u8 *buf,
 }
 
 
-static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid)
-{
-       u8 *len;
-       u16 capab;
-
-       *eid++ = WLAN_EID_VENDOR_SPECIFIC;
-       len = eid++; /* to be filled */
-       WPA_PUT_BE24(eid, OUI_WFA);
-       eid += 3;
-       *eid++ = HS20_OSEN_OUI_TYPE;
-
-       /* Group Data Cipher Suite */
-       RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
-       eid += RSN_SELECTOR_LEN;
-
-       /* Pairwise Cipher Suite Count and List */
-       WPA_PUT_LE16(eid, 1);
-       eid += 2;
-       RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
-       eid += RSN_SELECTOR_LEN;
-
-       /* AKM Suite Count and List */
-       WPA_PUT_LE16(eid, 1);
-       eid += 2;
-       RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
-       eid += RSN_SELECTOR_LEN;
-
-       /* RSN Capabilities */
-       capab = 0;
-       if (conf->wmm_enabled) {
-               /* 4 PTKSA replay counters when using WMM */
-               capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
-       }
-       if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
-               capab |= WPA_CAPABILITY_MFPC;
-               if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
-                       capab |= WPA_CAPABILITY_MFPR;
-       }
-#ifdef CONFIG_OCV
-       if (conf->ocv)
-               capab |= WPA_CAPABILITY_OCVC;
-#endif /* CONFIG_OCV */
-       WPA_PUT_LE16(eid, capab);
-       eid += 2;
-
-       *len = eid - len - 1;
-
-       return eid;
-}
-
-
 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
 {
        u8 *pos, buf[1500];
@@ -656,9 +598,6 @@ int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
 
        pos = buf;
 
-       if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
-               pos = wpa_write_osen(&wpa_auth->conf, pos);
-       }
        if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
 #ifdef CONFIG_TESTING_OPTIONS
                if (wpa_auth->conf.rsne_override_set) {
@@ -960,10 +899,6 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
                else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
                        selector = RSN_AUTH_KEY_MGMT_DPP;
 #endif /* CONFIG_DPP */
-#ifdef CONFIG_HS20
-               else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
-                       selector = RSN_AUTH_KEY_MGMT_OSEN;
-#endif /* CONFIG_HS20 */
 #ifdef CONFIG_SHA384
                else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384)
                        selector = RSN_AUTH_KEY_MGMT_802_1X_SHA384;
@@ -1084,10 +1019,6 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
        else if (key_mgmt & WPA_KEY_MGMT_DPP)
                sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
 #endif /* CONFIG_DPP */
-#ifdef CONFIG_HS20
-       else if (key_mgmt & WPA_KEY_MGMT_OSEN)
-               sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
-#endif /* CONFIG_HS20 */
        else
                sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
 
@@ -1386,36 +1317,6 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 }
 
 
-#ifdef CONFIG_HS20
-int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
-                     struct wpa_state_machine *sm,
-                     const u8 *osen_ie, size_t osen_ie_len)
-{
-       if (wpa_auth == NULL || sm == NULL)
-               return -1;
-
-       /* TODO: parse OSEN element */
-       sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
-       sm->mgmt_frame_prot = 1;
-       sm->pairwise = WPA_CIPHER_CCMP;
-       sm->wpa = WPA_VERSION_WPA2;
-
-       if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) {
-               os_free(sm->wpa_ie);
-               sm->wpa_ie = os_malloc(osen_ie_len);
-               if (sm->wpa_ie == NULL)
-                       return -1;
-       }
-
-       os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len);
-       sm->wpa_ie_len = osen_ie_len;
-
-       return 0;
-}
-
-#endif /* CONFIG_HS20 */
-
-
 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
 {
        return sm ? sm->mgmt_frame_prot : 0;

diff --git a/src/common/defs.h b/src/common/defs.h
index 85e0f02d1d5b2735bcac2c3dd9786e00b968843a..0a79ba2a628d979bb4293c45524caa7766a83950 100644 (file)
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -39,7 +39,6 @@
 #define WPA_KEY_MGMT_WAPI_PSK BIT(12)
 #define WPA_KEY_MGMT_WAPI_CERT BIT(13)
 #define WPA_KEY_MGMT_CCKM BIT(14)
-#define WPA_KEY_MGMT_OSEN BIT(15)
 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B BIT(16)
 #define WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 BIT(17)
 #define WPA_KEY_MGMT_FILS_SHA256 BIT(18)
@@ -69,7 +68,6 @@ static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
                         WPA_KEY_MGMT_FT_IEEE8021X |
                         WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
                         WPA_KEY_MGMT_CCKM |
-                        WPA_KEY_MGMT_OSEN |
                         WPA_KEY_MGMT_IEEE8021X_SHA256 |
                         WPA_KEY_MGMT_IEEE8021X_SUITE_B |
                         WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
@@ -153,7 +151,6 @@ static inline int wpa_key_mgmt_sha256(int akm)
                         WPA_KEY_MGMT_IEEE8021X_SHA256 |
                         WPA_KEY_MGMT_SAE |
                         WPA_KEY_MGMT_FT_SAE |
-                        WPA_KEY_MGMT_OSEN |
                         WPA_KEY_MGMT_IEEE8021X_SUITE_B |
                         WPA_KEY_MGMT_FILS_SHA256 |
                         WPA_KEY_MGMT_FT_FILS_SHA256));
@@ -205,7 +202,6 @@ static inline int wpa_key_mgmt_cross_akm(int akm)
 #define WPA_PROTO_WPA BIT(0)
 #define WPA_PROTO_RSN BIT(1)
 #define WPA_PROTO_WAPI BIT(2)
-#define WPA_PROTO_OSEN BIT(3)
 
 #define WPA_AUTH_ALG_OPEN BIT(0)
 #define WPA_AUTH_ALG_SHARED BIT(1)

diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index f8e85296167099f124e17c74f1f433858db54ae6..ba6262765664d83b986f99793080a4766db2f965 100644 (file)
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -111,11 +111,6 @@ static int ieee802_11_parse_vendor_specific(const u8 *pos, size_t elen,
                        elems->hs20 = pos;
                        elems->hs20_len = elen;
                        break;
-               case HS20_OSEN_OUI_TYPE:
-                       /* Hotspot 2.0 OSEN */
-                       elems->osen = pos;
-                       elems->osen_len = elen;
-                       break;
                case MBO_OUI_TYPE:
                        /* MBO-OCE */
                        elems->mbo = pos;

diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index e22138c7d72fc15136b2d52b678f7120bef8748b..0edd34c653bf9e75e03a00f342ac304f7d698572 100644 (file)
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -75,7 +75,6 @@ struct ieee802_11_elems {
        const u8 *ext_capab;
        const u8 *bss_max_idle_period;
        const u8 *ssid_list;
-       const u8 *osen;
        const u8 *mbo;
        const u8 *ampe;
        const u8 *mic;
@@ -151,7 +150,6 @@ struct ieee802_11_elems {
        u8 hs20_len;
        u8 ext_capab_len;
        u8 ssid_list_len;
-       u8 osen_len;
        u8 mbo_len;
        u8 ampe_len;
        u8 mic_len;

diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index f9e6f2bb3b251534d4ad89b955d316a40a8bddd2..9143c9171bb7ccfd17eb4d5a4a40131184a6a4fc 100644 (file)
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -1451,7 +1451,6 @@ struct ieee80211_ampe_ie {
 #define WFD_IE_VENDOR_TYPE 0x506f9a0a
 #define WFD_OUI_TYPE 10
 #define HS20_IE_VENDOR_TYPE 0x506f9a10
-#define OSEN_IE_VENDOR_TYPE 0x506f9a12
 #define NAN_IE_VENDOR_TYPE 0x506f9a13
 #define NAN_SDF_VENDOR_TYPE 0x506f9a13
 #define NAN_OUI_TYPE 0x13
@@ -1610,7 +1609,6 @@ enum wmm_ac {
 
 #define HS20_INDICATION_OUI_TYPE 16
 #define HS20_ANQP_OUI_TYPE 17
-#define HS20_OSEN_OUI_TYPE 18
 #define HS20_ROAMING_CONS_SEL_OUI_TYPE 29
 #define HS20_STYPE_QUERY_LIST 1
 #define HS20_STYPE_CAPABILITY_LIST 2

diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 9c96269d5856542d637b418269f938f856b72b1e..613ea7fdeda62724716de450003b190407bdf68a 100644 (file)
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -134,8 +134,7 @@ unsigned int wpa_mic_len(int akmp, size_t pmk_len)
  */
 int wpa_use_akm_defined(int akmp)
 {
-       return akmp == WPA_KEY_MGMT_OSEN ||
-               akmp == WPA_KEY_MGMT_OWE ||
+       return akmp == WPA_KEY_MGMT_OWE ||
                akmp == WPA_KEY_MGMT_DPP ||
                akmp == WPA_KEY_MGMT_FT_IEEE8021X_SHA384 ||
                akmp == WPA_KEY_MGMT_IEEE8021X_SHA384 ||
@@ -152,8 +151,7 @@ int wpa_use_akm_defined(int akmp)
  */
 int wpa_use_cmac(int akmp)
 {
-       return akmp == WPA_KEY_MGMT_OSEN ||
-               akmp == WPA_KEY_MGMT_OWE ||
+       return akmp == WPA_KEY_MGMT_OWE ||
                akmp == WPA_KEY_MGMT_DPP ||
                wpa_key_mgmt_ft(akmp) ||
                wpa_key_mgmt_sha256(akmp) ||
@@ -174,8 +172,7 @@ int wpa_use_cmac(int akmp)
  */
 int wpa_use_aes_key_wrap(int akmp)
 {
-       return akmp == WPA_KEY_MGMT_OSEN ||
-               akmp == WPA_KEY_MGMT_OWE ||
+       return akmp == WPA_KEY_MGMT_OWE ||
                akmp == WPA_KEY_MGMT_DPP ||
                akmp == WPA_KEY_MGMT_IEEE8021X_SHA384 ||
                wpa_key_mgmt_ft(akmp) ||
@@ -266,12 +263,6 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver,
                        os_memcpy(mic, hash, key_len);
                        break;
 #endif /* CONFIG_SAE */
-#ifdef CONFIG_HS20
-               case WPA_KEY_MGMT_OSEN:
-                       wpa_printf(MSG_DEBUG,
-                                  "WPA: EAPOL-Key MIC using AES-CMAC (AKM-defined - OSEN)");
-                       return omac1_aes_128(key, buf, len, mic);
-#endif /* CONFIG_HS20 */
 #ifdef CONFIG_SUITEB
                case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
                        wpa_printf(MSG_DEBUG,
@@ -1831,8 +1822,6 @@ static int rsn_key_mgmt_to_bitfield(const u8 *s)
        if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_DPP)
                return WPA_KEY_MGMT_DPP;
 #endif /* CONFIG_DPP */
-       if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_OSEN)
-               return WPA_KEY_MGMT_OSEN;
 #ifdef CONFIG_PASN
        if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PASN)
                return WPA_KEY_MGMT_PASN;
@@ -1893,17 +1882,7 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
                return -1;
        }
 
-       if (rsn_ie_len >= 6 && rsn_ie[1] >= 4 &&
-           rsn_ie[1] == rsn_ie_len - 2 &&
-           WPA_GET_BE32(&rsn_ie[2]) == OSEN_IE_VENDOR_TYPE) {
-               pos = rsn_ie + 6;
-               left = rsn_ie_len - 6;
-
-               data->group_cipher = WPA_CIPHER_GTK_NOT_USED;
-               data->has_group = 1;
-               data->key_mgmt = WPA_KEY_MGMT_OSEN;
-               data->proto = WPA_PROTO_OSEN;
-       } else if (rsn_ie_len >= 2 + 4 + 2 && rsn_ie[1] >= 4 + 2 &&
+       if (rsn_ie_len >= 2 + 4 + 2 && rsn_ie[1] >= 4 + 2 &&
                   rsn_ie[1] == rsn_ie_len - 2 &&
                   (WPA_GET_BE32(&rsn_ie[2]) == RSNE_OVERRIDE_IE_VENDOR_TYPE ||
                    WPA_GET_BE32(&rsn_ie[2]) ==
@@ -2801,8 +2780,6 @@ const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
                return "FT-SAE";
        case WPA_KEY_MGMT_FT_SAE_EXT_KEY:
                return "FT-SAE-EXT-KEY";
-       case WPA_KEY_MGMT_OSEN:
-               return "OSEN";
        case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
                return "WPA2-EAP-SUITE-B";
        case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
@@ -2849,8 +2826,6 @@ u32 wpa_akm_to_suite(int akm)
                return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
        if (akm & WPA_KEY_MGMT_CCKM)
                return RSN_AUTH_KEY_MGMT_CCKM;
-       if (akm & WPA_KEY_MGMT_OSEN)
-               return RSN_AUTH_KEY_MGMT_OSEN;
        if (akm & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
                return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
        if (akm & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
@@ -3483,12 +3458,6 @@ static int wpa_parse_generic(const u8 *pos, struct wpa_eapol_ie_parse *ie)
                return 0;
        }
 
-       if (selector == OSEN_IE_VENDOR_TYPE) {
-               ie->osen = pos;
-               ie->osen_len = dlen;
-               return 0;
-       }
-
        if (left >= PMKID_LEN && selector == RSN_KEY_DATA_PMKID) {
                ie->pmkid = p;
                wpa_hexdump(MSG_DEBUG, "WPA: PMKID in EAPOL-Key", pos, dlen);

diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index e8abe230862b69d136e59e5c9074171060878757..d2c326c43c168fe51208bd7624e60dd2d7688612 100644 (file)
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -94,7 +94,6 @@ WPA_CIPHER_BIP_CMAC_256)
 #define RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY RSN_SELECTOR(0x00, 0x0f, 0xac, 25)
 
 #define RSN_AUTH_KEY_MGMT_CCKM RSN_SELECTOR(0x00, 0x40, 0x96, 0x00)
-#define RSN_AUTH_KEY_MGMT_OSEN RSN_SELECTOR(0x50, 0x6f, 0x9a, 0x01)
 #define RSN_AUTH_KEY_MGMT_DPP RSN_SELECTOR(0x50, 0x6f, 0x9a, 0x02)
 
 #define RSN_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x0f, 0xac, 0)

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index b9d3d0013b03f3c8991c86b3d5bd181b15094373..566475214b561499afd9e06b7eaabd74d5cd0904 100644 (file)
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1649,11 +1649,6 @@ struct wpa_driver_ap_params {
         */
        int disable_dgaf;
 
-       /**
-        * osen - Whether OSEN security is enabled
-        */
-       int osen;
-
        /**
         * freq - Channel parameters for dynamic bandwidth changes
         */
@@ -2153,7 +2148,6 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_CAPA_KEY_MGMT_FT_SAE                0x00100000
 #define WPA_DRIVER_CAPA_KEY_MGMT_FT_802_1X_SHA384      0x00200000
 #define WPA_DRIVER_CAPA_KEY_MGMT_CCKM          0x00400000
-#define WPA_DRIVER_CAPA_KEY_MGMT_OSEN          0x00800000
 #define WPA_DRIVER_CAPA_KEY_MGMT_SAE_EXT_KEY   0x01000000
 #define WPA_DRIVER_CAPA_KEY_MGMT_FT_SAE_EXT_KEY        0x02000000
        /** Bitfield of supported key management suites */

diff --git a/src/drivers/driver_atheros.c b/src/drivers/driver_atheros.c
index 47da8669e857977417122994b8fdec73a60f037b..8fb23a8026a6b414fa4c81ce60e7ed6e272bd407 100644 (file)
--- a/src/drivers/driver_atheros.c
+++ b/src/drivers/driver_atheros.c
@@ -1943,25 +1943,6 @@ static int atheros_set_ap(void *priv, struct wpa_driver_ap_params *params)
        wpa_hexdump_buf(MSG_DEBUG, "atheros: assocresp_ies",
                        params->assocresp_ies);
 
-#if defined(CONFIG_HS20) && (defined(IEEE80211_PARAM_OSEN) || defined(CONFIG_ATHEROS_OSEN))
-       if (params->osen) {
-               struct wpa_bss_params bss_params;
-
-               os_memset(&bss_params, 0, sizeof(struct wpa_bss_params));
-               bss_params.enabled = 1;
-               bss_params.wpa = 2;
-               bss_params.wpa_pairwise = WPA_CIPHER_CCMP;
-               bss_params.wpa_group = WPA_CIPHER_CCMP;
-               bss_params.ieee802_1x = 1;
-
-               if (atheros_set_privacy(priv, 1) ||
-                   set80211param(priv, IEEE80211_PARAM_OSEN, 1))
-                       return -1;
-
-               return atheros_set_ieee8021x(priv, &bss_params);
-       }
-#endif /* CONFIG_HS20 && IEEE80211_PARAM_OSEN */
-
        return 0;
 }
 

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 3d5d62e1be4fe703f4f2ac0223a74f7d5a003307..bc92d45aedcdf06be073a12989faeac2f0886e1c 100644 (file)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -3424,7 +3424,6 @@ static int wpa_key_mgmt_to_suites(unsigned int key_mgmt_suites, u32 suites[],
        __AKM(FT_SAE, FT_SAE);
        __AKM(FT_SAE_EXT_KEY, FT_SAE_EXT_KEY);
        __AKM(CCKM, CCKM);
-       __AKM(OSEN, OSEN);
        __AKM(IEEE8021X_SUITE_B, 802_1X_SUITE_B);
        __AKM(IEEE8021X_SUITE_B_192, 802_1X_SUITE_B_192);
        __AKM(FILS_SHA256, FILS_SHA256);
@@ -6950,7 +6949,6 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
            params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X ||
            params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK ||
            params->key_mgmt_suite == WPA_KEY_MGMT_CCKM ||
-           params->key_mgmt_suite == WPA_KEY_MGMT_OSEN ||
            params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
            params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
            params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
@@ -7008,9 +7006,6 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
                case WPA_KEY_MGMT_PSK_SHA256:
                        mgmt[0] = RSN_AUTH_KEY_MGMT_PSK_SHA256;
                        break;
-               case WPA_KEY_MGMT_OSEN:
-                       mgmt[0] = RSN_AUTH_KEY_MGMT_OSEN;
-                       break;
                case WPA_KEY_MGMT_SAE:
                        mgmt[0] = RSN_AUTH_KEY_MGMT_SAE;
                        break;

diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 3442e7231d04f0db2c073c74b29baafe6157fe20..dc3a99c9ec0f18650b2817279c47ee11e5135850 100644 (file)
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -303,9 +303,6 @@ static unsigned int get_akm_suites_info(struct nlattr *tb)
                case RSN_AUTH_KEY_MGMT_CCKM:
                        key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_CCKM;
                        break;
-               case RSN_AUTH_KEY_MGMT_OSEN:
-                       key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_OSEN;
-                       break;
                case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B:
                        key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B;
                        break;

diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index 4167e992b3f56ae00daf94d43f2312c87185dd1a..7e167f0b2d9e1629b115c1aa3f0ea0df4498f320 100644 (file)
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -106,33 +106,6 @@ static void * eap_unauth_tls_init(struct eap_sm *sm)
 #endif /* EAP_UNAUTH_TLS */
 
 
-#ifdef CONFIG_HS20
-static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
-{
-       struct eap_tls_data *data;
-       struct eap_peer_config *config = eap_get_config(sm);
-
-       data = os_zalloc(sizeof(*data));
-       if (data == NULL)
-               return NULL;
-
-       data->ssl_ctx = sm->init_phase2 && sm->ssl_ctx2 ? sm->ssl_ctx2 :
-               sm->ssl_ctx;
-
-       if (eap_peer_tls_ssl_init(sm, &data->ssl, config,
-                                 EAP_WFA_UNAUTH_TLS_TYPE)) {
-               wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
-               eap_tls_deinit(sm, data);
-               return NULL;
-       }
-
-       data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
-
-       return data;
-}
-#endif /* CONFIG_HS20 */
-
-
 static void eap_tls_free_key(struct eap_tls_data *data)
 {
        if (data->key_data) {
@@ -478,31 +451,3 @@ int eap_peer_unauth_tls_register(void)
        return eap_peer_method_register(eap);
 }
 #endif /* EAP_UNAUTH_TLS */
-
-
-#ifdef CONFIG_HS20
-int eap_peer_wfa_unauth_tls_register(void)
-{
-       struct eap_method *eap;
-
-       eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
-                                   EAP_VENDOR_WFA_NEW,
-                                   EAP_VENDOR_WFA_UNAUTH_TLS,
-                                   "WFA-UNAUTH-TLS");
-       if (eap == NULL)
-               return -1;
-
-       eap->init = eap_wfa_unauth_tls_init;
-       eap->deinit = eap_tls_deinit;
-       eap->process = eap_tls_process;
-       eap->isKeyAvailable = eap_tls_isKeyAvailable;
-       eap->getKey = eap_tls_getKey;
-       eap->get_status = eap_tls_get_status;
-       eap->has_reauth_data = eap_tls_has_reauth_data;
-       eap->deinit_for_reauth = eap_tls_deinit_for_reauth;
-       eap->init_for_reauth = eap_tls_init_for_reauth;
-       eap->get_emsk = eap_tls_get_emsk;
-
-       return eap_peer_method_register(eap);
-}
-#endif /* CONFIG_HS20 */

diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index ea60b1172d115685f0824861b0beb2b61771ee93..9b40b3a8559c1477500208277254bda397cebd49 100644 (file)
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -23,10 +23,6 @@ static struct wpabuf * eap_tls_msg_alloc(enum eap_type type, size_t payload_len,
                return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS,
                                     EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len,
                                     code, identifier);
-       if (type == EAP_WFA_UNAUTH_TLS_TYPE)
-               return eap_msg_alloc(EAP_VENDOR_WFA_NEW,
-                                    EAP_VENDOR_WFA_UNAUTH_TLS, payload_len,
-                                    code, identifier);
        return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code,
                             identifier);
 }
@@ -195,8 +191,7 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
        }
 #ifndef EAP_TLSV1_3
        if (data->eap_type == EAP_TYPE_TLS ||
-           data->eap_type == EAP_UNAUTH_TLS_TYPE ||
-           data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE) {
+           data->eap_type == EAP_UNAUTH_TLS_TYPE) {
                /* While the current EAP-TLS implementation is more or less
                 * complete for TLS v1.3, there has been only minimal
                 * interoperability testing with other implementations, so
@@ -928,10 +923,6 @@ const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
                pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
                                       EAP_VENDOR_TYPE_UNAUTH_TLS, reqData,
                                       &left);
-       else if (eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
-               pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
-                                      EAP_VENDOR_WFA_UNAUTH_TLS, reqData,
-                                      &left);
        else
                pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, reqData,
                                       &left);

diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
index 3348634138960f752602fe17088c10cbb3429dba..2551ff551e072f51390e9f3c38d92ad30bc95e00 100644 (file)
--- a/src/eap_peer/eap_tls_common.h
+++ b/src/eap_peer/eap_tls_common.h
@@ -99,7 +99,6 @@ struct eap_ssl_data {
 
 /* stub type used as a flag for UNAUTH-TLS */
 #define EAP_UNAUTH_TLS_TYPE 255
-#define EAP_WFA_UNAUTH_TLS_TYPE 254
 
 
 int eap_peer_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,

diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 443c293ce6586bd5eba771286577399bf0b929a8..0caa4c3b7b271fde66292bb339c0c67e3d82d895 100644 (file)
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -114,29 +114,6 @@ static void * eap_unauth_tls_init(struct eap_sm *sm)
 #endif /* EAP_SERVER_UNAUTH_TLS */
 
 
-#ifdef CONFIG_HS20
-static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
-{
-       struct eap_tls_data *data;
-
-       data = os_zalloc(sizeof(*data));
-       if (data == NULL)
-               return NULL;
-       data->state = START;
-
-       if (eap_server_tls_ssl_init(sm, &data->ssl, 0,
-                                   EAP_WFA_UNAUTH_TLS_TYPE)) {
-               wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
-               eap_tls_reset(sm, data);
-               return NULL;
-       }
-
-       data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
-       return data;
-}
-#endif /* CONFIG_HS20 */
-
-
 static void eap_tls_reset(struct eap_sm *sm, void *priv)
 {
        struct eap_tls_data *data = priv;
@@ -237,10 +214,6 @@ static bool eap_tls_check(struct eap_sm *sm, void *priv,
                pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
                                       EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
                                       &len);
-       else if (data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
-               pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
-                                      EAP_VENDOR_WFA_UNAUTH_TLS, respData,
-                                      &len);
        else
                pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_type,
                                       respData, &len);
@@ -474,30 +447,3 @@ int eap_server_unauth_tls_register(void)
        return eap_server_method_register(eap);
 }
 #endif /* EAP_SERVER_UNAUTH_TLS */
-
-
-#ifdef CONFIG_HS20
-int eap_server_wfa_unauth_tls_register(void)
-{
-       struct eap_method *eap;
-
-       eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
-                                     EAP_VENDOR_WFA_NEW,
-                                     EAP_VENDOR_WFA_UNAUTH_TLS,
-                                     "WFA-UNAUTH-TLS");
-       if (eap == NULL)
-               return -1;
-
-       eap->init = eap_wfa_unauth_tls_init;
-       eap->reset = eap_tls_reset;
-       eap->buildReq = eap_tls_buildReq;
-       eap->check = eap_tls_check;
-       eap->process = eap_tls_process;
-       eap->isDone = eap_tls_isDone;
-       eap->getKey = eap_tls_getKey;
-       eap->isSuccess = eap_tls_isSuccess;
-       eap->get_emsk = eap_tls_get_emsk;
-
-       return eap_server_method_register(eap);
-}
-#endif /* CONFIG_HS20 */

diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 717af2e89b71b2ef928eb0085bc6a8a266fb66dd..81d1eedd423ce40dc537dd88466d2472a96ee42e 100644 (file)
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -25,10 +25,6 @@ struct wpabuf * eap_tls_msg_alloc(enum eap_type type, size_t payload_len,
                return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS,
                                     EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len,
                                     code, identifier);
-       else if (type == EAP_WFA_UNAUTH_TLS_TYPE)
-               return eap_msg_alloc(EAP_VENDOR_WFA_NEW,
-                                    EAP_VENDOR_WFA_UNAUTH_TLS, payload_len,
-                                    code, identifier);
        return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code,
                             identifier);
 }
@@ -541,10 +537,6 @@ int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
                pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
                                       EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
                                       &left);
-       else if (eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
-               pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
-                                      EAP_VENDOR_WFA_UNAUTH_TLS, respData,
-                                      &left);
        else
                pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, respData,
                                       &left);

diff --git a/src/eap_server/eap_tls_common.h b/src/eap_server/eap_tls_common.h
index ad28c796267256b47a0b925a0d5fbdddb0df49e9..2a8faf9f408940acf3c192a0ef6652aab480951f 100644 (file)
--- a/src/eap_server/eap_tls_common.h
+++ b/src/eap_server/eap_tls_common.h
@@ -72,7 +72,6 @@ struct eap_ssl_data {
 
 /* stub type used as a flag for UNAUTH-TLS */
 #define EAP_UNAUTH_TLS_TYPE 255
-#define EAP_WFA_UNAUTH_TLS_TYPE 254
 
 
 struct wpabuf * eap_tls_msg_alloc(enum eap_type type, size_t payload_len,

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 0d8473841b313b74c4a9ee50e8a921fe4f6491d5..49412854c396b94107b96937eff4255de1a94c92 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -255,8 +255,7 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
        if (rbuf == NULL)
                return;
 
-       reply->type = (sm->proto == WPA_PROTO_RSN ||
-                      sm->proto == WPA_PROTO_OSEN) ?
+       reply->type = (sm->proto == WPA_PROTO_RSN) ?
                EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
        key_info = WPA_KEY_INFO_REQUEST | ver;
        key_info |= WPA_KEY_INFO_SECURE;
@@ -481,8 +480,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 
        if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
            !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
-           !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
-       {
+           !wpa_key_mgmt_ft(sm->key_mgmt)) {
                /* Send EAPOL-Start to trigger full EAP authentication. */
                u8 *buf;
                size_t buflen;
@@ -636,8 +634,7 @@ int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
                return -1;
        }
 
-       reply->type = (sm->proto == WPA_PROTO_RSN ||
-                      sm->proto == WPA_PROTO_OSEN) ?
+       reply->type = (sm->proto == WPA_PROTO_RSN) ?
                EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
        key_info = ver | WPA_KEY_INFO_KEY_TYPE;
        if (sm->ptk_set && sm->proto != WPA_PROTO_WPA)
@@ -653,7 +650,7 @@ int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
                key_info |= sm->eapol_2_key_info_set_mask;
 #endif /* CONFIG_TESTING_OPTIONS */
        WPA_PUT_BE16(reply->key_info, key_info);
-       if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
+       if (sm->proto == WPA_PROTO_RSN)
                WPA_PUT_BE16(reply->key_length, 0);
        else
                os_memcpy(reply->key_length, key->key_length, 2);
@@ -1260,7 +1257,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
        }
        rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
 
-       if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
+       if (sm->proto == WPA_PROTO_RSN) {
                key_rsc = null_rsc;
        } else {
                key_rsc = key->key_rsc;
@@ -2371,8 +2368,7 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
                return -1;
        }
 
-       reply->type = (sm->proto == WPA_PROTO_RSN ||
-                      sm->proto == WPA_PROTO_OSEN) ?
+       reply->type = (sm->proto == WPA_PROTO_RSN) ?
                EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
        key_info &= WPA_KEY_INFO_SECURE;
        key_info |= ver | WPA_KEY_INFO_KEY_TYPE;
@@ -2385,7 +2381,7 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
                key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
 #endif /* CONFIG_TESTING_OPTIONS */
        WPA_PUT_BE16(reply->key_info, key_info);
-       if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
+       if (sm->proto == WPA_PROTO_RSN)
                WPA_PUT_BE16(reply->key_length, 0);
        else
                os_memcpy(reply->key_length, key->key_length, 2);
@@ -3037,8 +3033,7 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
        if (rbuf == NULL)
                return -1;
 
-       reply->type = (sm->proto == WPA_PROTO_RSN ||
-                      sm->proto == WPA_PROTO_OSEN) ?
+       reply->type = (sm->proto == WPA_PROTO_RSN) ?
                EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
        key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
        key_info |= ver | WPA_KEY_INFO_SECURE;
@@ -3047,7 +3042,7 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
        else
                key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
        WPA_PUT_BE16(reply->key_info, key_info);
-       if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
+       if (sm->proto == WPA_PROTO_RSN)
                WPA_PUT_BE16(reply->key_length, 0);
        else
                os_memcpy(reply->key_length, key->key_length, 2);
@@ -4089,7 +4084,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
        }
 #endif /* CONFIG_FILS */
 
-       if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
+       if (sm->proto == WPA_PROTO_RSN &&
            (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) {
                /*
                 * Only decrypt the Key Data field if the frame's authenticity
@@ -4159,8 +4154,7 @@ static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
 {
        switch (sm->key_mgmt) {
        case WPA_KEY_MGMT_IEEE8021X:
-               return ((sm->proto == WPA_PROTO_RSN ||
-                        sm->proto == WPA_PROTO_OSEN) ?
+               return ((sm->proto == WPA_PROTO_RSN) ?
                        RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
                        WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
        case WPA_KEY_MGMT_PSK:

diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index d07f5b367f257641529af8efc6aca71828f3d612..d27bcf905da5b03ac3bbc749c803e18dc8788e00 100644 (file)
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -30,9 +30,6 @@ int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len,
 {
        if (wpa_ie_len >= 1 && wpa_ie[0] == WLAN_EID_RSN)
                return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data);
-       if (wpa_ie_len >= 6 && wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC &&
-           wpa_ie[1] >= 4 && WPA_GET_BE32(&wpa_ie[2]) == OSEN_IE_VENDOR_TYPE)
-               return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data);
        if (wpa_ie_len >= 6 && wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC &&
            wpa_ie[1] >= 4 &&
            WPA_GET_BE32(&wpa_ie[2]) == RSNE_OVERRIDE_IE_VENDOR_TYPE)
@@ -233,10 +230,6 @@ static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
        } else if (key_mgmt & WPA_KEY_MGMT_DPP) {
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
 #endif /* CONFIG_DPP */
-#ifdef CONFIG_HS20
-       } else if (key_mgmt & WPA_KEY_MGMT_OSEN) {
-               RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
-#endif /* CONFIG_HS20 */
 #ifdef CONFIG_SHA384
        } else if (key_mgmt == WPA_KEY_MGMT_IEEE8021X_SHA384) {
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA384);
@@ -282,64 +275,6 @@ static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
 }
 
 
-#ifdef CONFIG_HS20
-static int wpa_gen_wpa_ie_osen(u8 *wpa_ie, size_t wpa_ie_len,
-                              int pairwise_cipher, int group_cipher,
-                              int key_mgmt)
-{
-       u8 *pos, *len;
-       u32 suite;
-
-       if (wpa_ie_len < 2 + 4 + RSN_SELECTOR_LEN +
-           2 + RSN_SELECTOR_LEN + 2 + RSN_SELECTOR_LEN)
-               return -1;
-
-       pos = wpa_ie;
-       *pos++ = WLAN_EID_VENDOR_SPECIFIC;
-       len = pos++; /* to be filled */
-       WPA_PUT_BE24(pos, OUI_WFA);
-       pos += 3;
-       *pos++ = HS20_OSEN_OUI_TYPE;
-
-       /* Group Data Cipher Suite */
-       suite = wpa_cipher_to_suite(WPA_PROTO_RSN, group_cipher);
-       if (suite == 0) {
-               wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
-                          group_cipher);
-               return -1;
-       }
-       RSN_SELECTOR_PUT(pos, suite);
-       pos += RSN_SELECTOR_LEN;
-
-       /* Pairwise Cipher Suite Count and List */
-       WPA_PUT_LE16(pos, 1);
-       pos += 2;
-       suite = wpa_cipher_to_suite(WPA_PROTO_RSN, pairwise_cipher);
-       if (suite == 0 ||
-           (!wpa_cipher_valid_pairwise(pairwise_cipher) &&
-            pairwise_cipher != WPA_CIPHER_NONE)) {
-               wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
-                          pairwise_cipher);
-               return -1;
-       }
-       RSN_SELECTOR_PUT(pos, suite);
-       pos += RSN_SELECTOR_LEN;
-
-       /* AKM Suite Count and List */
-       WPA_PUT_LE16(pos, 1);
-       pos += 2;
-       RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
-       pos += RSN_SELECTOR_LEN;
-
-       *len = pos - len - 1;
-
-       WPA_ASSERT((size_t) (pos - wpa_ie) <= wpa_ie_len);
-
-       return pos - wpa_ie;
-}
-#endif /* CONFIG_HS20 */
-
-
 /**
  * wpa_gen_wpa_ie - Generate WPA/RSN IE based on current security policy
  * @sm: Pointer to WPA state machine data from wpa_sm_init()
@@ -355,13 +290,6 @@ int wpa_gen_wpa_ie(struct wpa_sm *sm, u8 *wpa_ie, size_t wpa_ie_len)
                                          sm->group_cipher,
                                          sm->key_mgmt, sm->mgmt_group_cipher,
                                          sm);
-#ifdef CONFIG_HS20
-       else if (sm->proto == WPA_PROTO_OSEN)
-               return wpa_gen_wpa_ie_osen(wpa_ie, wpa_ie_len,
-                                          sm->pairwise_cipher,
-                                          sm->group_cipher,
-                                          sm->key_mgmt);
-#endif /* CONFIG_HS20 */
        else
                return wpa_gen_wpa_ie_wpa(wpa_ie, wpa_ie_len,
                                          sm->pairwise_cipher,

diff --git a/wlantest/bss.c b/wlantest/bss.c
index b0de1d4eb1b4a3b0a944f9900e4f419003f9614e..0e94ab1cc2408294e66ba94165e67f2fa3a20659 100644 (file)
--- a/wlantest/bss.c
+++ b/wlantest/bss.c
@@ -174,27 +174,6 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
                bss_add_pmk(wt, bss);
        }
 
-       if (elems->osen == NULL) {
-               if (bss->osenie[0]) {
-                       add_note(wt, MSG_INFO, "BSS " MACSTR
-                                " - OSEN IE removed", MAC2STR(bss->bssid));
-                       bss->rsnie[0] = 0;
-                       update = 1;
-               }
-       } else {
-               if (bss->osenie[0] == 0 ||
-                   os_memcmp(bss->osenie, elems->osen - 2,
-                             elems->osen_len + 2) != 0) {
-                       wpa_printf(MSG_INFO, "BSS " MACSTR " - OSEN IE "
-                                  "stored", MAC2STR(bss->bssid));
-                       wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
-                                   elems->osen_len + 2);
-                       update = 1;
-               }
-               os_memcpy(bss->osenie, elems->osen - 2,
-                         elems->osen_len + 2);
-       }
-
        /* S1G does not include RSNE in beacon, so only clear it from
         * Probe Response frames. Note this assumes short beacons were dropped
         * due to missing SSID above.
@@ -315,33 +294,25 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
                }
        }
 
-       if (bss->osenie[0]) {
-               bss->proto |= WPA_PROTO_OSEN;
-               bss->pairwise_cipher |= WPA_CIPHER_CCMP;
-               bss->group_cipher |= WPA_CIPHER_CCMP;
-               bss->key_mgmt |= WPA_KEY_MGMT_OSEN;
-       }
-
        if (!(bss->proto & WPA_PROTO_RSN) ||
            !(bss->rsn_capab & WPA_CAPABILITY_MFPC))
                bss->mgmt_group_cipher = 0;
 
-       if (!bss->wpaie[0] && !bss->rsnie[0] && !bss->osenie[0] &&
+       if (!bss->wpaie[0] && !bss->rsnie[0] &&
            (bss->capab_info & WLAN_CAPABILITY_PRIVACY))
                bss->group_cipher = WPA_CIPHER_WEP40;
 
        wpa_printf(MSG_INFO, "BSS " MACSTR
-                  " proto=%s%s%s%s"
+                  " proto=%s%s%s"
                   "pairwise=%s%s%s%s%s%s%s"
                   "group=%s%s%s%s%s%s%s%s%s"
                   "mgmt_group_cipher=%s%s%s%s%s"
-                  "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
+                  "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
                   "rsn_capab=%s%s%s%s%s%s%s%s%s%s",
                   MAC2STR(bss->bssid),
                   bss->proto == 0 ? "OPEN " : "",
                   bss->proto & WPA_PROTO_WPA ? "WPA " : "",
                   bss->proto & WPA_PROTO_RSN ? "WPA2 " : "",
-                  bss->proto & WPA_PROTO_OSEN ? "OSEN " : "",
                   bss->pairwise_cipher == 0 ? "N/A " : "",
                   bss->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
                   bss->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
@@ -381,7 +352,6 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
                   "PSK-SHA256 " : "",
                   bss->key_mgmt & WPA_KEY_MGMT_OWE ? "OWE " : "",
                   bss->key_mgmt & WPA_KEY_MGMT_PASN ? "PASN " : "",
-                  bss->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
                   bss->key_mgmt & WPA_KEY_MGMT_DPP ? "DPP " : "",
                   bss->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B ?
                   "EAP-SUITE-B " : "",

diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
index b2427279482502fcf20bcc9ae66510254de12078..dd58ae521c0d25b2d48d07cfc61da2927ce49d3f 100644 (file)
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@@ -343,10 +343,6 @@ static void elems_from_eapol_ie(struct ieee802_11_elems *elems,
                elems->rsn_ie = ie->rsn_ie + 2;
                elems->rsn_ie_len = ie->rsn_ie_len - 2;
        }
-       if (ie->osen) {
-               elems->osen = ie->osen + 2;
-               elems->osen_len = ie->osen_len - 2;
-       }
 }
 
 
@@ -601,7 +597,6 @@ static u8 * decrypt_eapol_key_data(struct wlantest *wt,
                return decrypt_eapol_key_data_aes(wt, kek, kek_len, hdr,
                                                  keydata, keydatalen, len);
        case WPA_KEY_INFO_TYPE_AKM_DEFINED:
-               /* For now, assume this is OSEN */
                return decrypt_eapol_key_data_aes(wt, kek, kek_len, hdr,
                                                  keydata, keydatalen, len);
        default:

diff --git a/wlantest/sta.c b/wlantest/sta.c
index 0ec5692e4343540b5756d0ac41e0388f89794d3a..7bc96f7224c98a2a9ebe9cf8b647c942653b9ce1 100644 (file)
--- a/wlantest/sta.c
+++ b/wlantest/sta.c
@@ -154,15 +154,6 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
                elems->rsn_ie = NULL;
        }
 
-       if (elems->osen && !bss->osenie[0] &&
-           (bss->beacon_seen || bss->proberesp_seen)) {
-               wpa_printf(MSG_INFO, "OSEN IE included in Association Request "
-                          "frame from " MACSTR " even though BSS does not "
-                          "use OSEN - ignore IE",
-                          MAC2STR(sta->addr));
-               elems->osen = NULL;
-       }
-
        if (elems->wpa_ie && elems->rsn_ie) {
                wpa_printf(MSG_INFO, "Both WPA IE and RSN IE included in "
                           "Association Request frame from " MACSTR,
@@ -189,15 +180,6 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
                        wpa_printf(MSG_INFO, "Failed to parse WPA IE from "
                                   MACSTR, MAC2STR(sta->addr));
                }
-       } else if (elems->osen) {
-               wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
-                           elems->osen_len + 2);
-               os_memcpy(sta->osenie, elems->osen - 2, elems->osen_len + 2);
-               sta->proto = WPA_PROTO_OSEN;
-               sta->pairwise_cipher = WPA_CIPHER_CCMP;
-               sta->key_mgmt = WPA_KEY_MGMT_OSEN;
-               sta->rsn_capab = 0;
-               goto skip_rsn_wpa;
        } else {
                sta->rsnie[0] = 0;
                sta->proto = 0;
@@ -248,15 +230,14 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
 
 skip_rsn_wpa:
        wpa_printf(MSG_INFO, "STA " MACSTR
-                  " proto=%s%s%s%s"
+                  " proto=%s%s%s"
                   "pairwise=%s%s%s%s%s%s%s"
-                  "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
+                  "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
                   "rsn_capab=%s%s%s%s%s%s%s%s%s%s",
                   MAC2STR(sta->addr),
                   sta->proto == 0 ? "OPEN " : "",
                   sta->proto & WPA_PROTO_WPA ? "WPA " : "",
                   sta->proto & WPA_PROTO_RSN ? "WPA2 " : "",
-                  sta->proto & WPA_PROTO_OSEN ? "OSEN " : "",
                   sta->pairwise_cipher == 0 ? "N/A " : "",
                   sta->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
                   sta->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
@@ -278,7 +259,6 @@ skip_rsn_wpa:
                   "PSK-SHA256 " : "",
                   sta->key_mgmt & WPA_KEY_MGMT_OWE ? "OWE " : "",
                   sta->key_mgmt & WPA_KEY_MGMT_PASN ? "PASN " : "",
-                  sta->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
                   sta->key_mgmt & WPA_KEY_MGMT_DPP ? "DPP " : "",
                   sta->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B ?
                   "EAP-SUITE-B " : "",

diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index 516e341df540f8bb795bef1f8998a925b6e5325a..72b5a02ba8f04952b1e20d62458303e56bb526a3 100644 (file)
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
@@ -68,7 +68,6 @@ struct wlantest_sta {
        u8 rsnie[257]; /* WPA/RSN IE */
        u8 rsnxe[254]; /* RSNXE data */
        size_t rsnxe_len;
-       u8 osenie[257]; /* OSEN IE */
        int proto;
        int pairwise_cipher;
        int group_cipher;

diff --git a/wpa_supplicant/README-HS20 b/wpa_supplicant/README-HS20
index 7d30e23c6d664bd407afd15b170070b13746c1f8..f5488f20410250b70876e698f9621e428ec94bf6 100644 (file)
--- a/wpa_supplicant/README-HS20
+++ b/wpa_supplicant/README-HS20
@@ -618,28 +618,6 @@ OK
 <3>ANQP fetch completed
 
 
-Hotspot 2.0 Rel 2 online signup and OSEN
-----------------------------------------
-
-Following parameters can be used to create a network profile for
-link-layer protected Hotspot 2.0 online signup connection with
-OSEN. Note that ssid and identify (NAI) values need to be set based on
-the information for the selected provider in the OSU Providers list
-ANQP-element.
-
-network={
-    ssid="HS 2.0 OSU"
-    proto=OSEN
-    key_mgmt=OSEN
-    pairwise=CCMP
-    group=GTK_NOT_USED
-    eap=WFA-UNAUTH-TLS
-    identity="anonymous@example.com"
-    ca_cert="osu-ca.pem"
-    ocsp=2
-}
-
-
 Hotspot 2.0 connection with external network selection
 ------------------------------------------------------
 

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 6dfb3165a9872e5fa38a8d98553403bcfb664a31..1cad3e7d374291a85bcf700b09a05f3b9389e99b 100644 (file)
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -693,8 +693,6 @@ static int wpa_config_parse_proto(const struct parse_data *data,
                else if (os_strcmp(start, "RSN") == 0 ||
                         os_strcmp(start, "WPA2") == 0)
                        val |= WPA_PROTO_RSN;
-               else if (os_strcmp(start, "OSEN") == 0)
-                       val |= WPA_PROTO_OSEN;
                else {
                        wpa_printf(MSG_ERROR, "Line %d: invalid proto '%s'",
                                   line, start);
@@ -749,14 +747,6 @@ static char * wpa_config_write_proto(const struct parse_data *data,
                pos += ret;
        }
 
-       if (ssid->proto & WPA_PROTO_OSEN) {
-               ret = os_snprintf(pos, end - pos, "%sOSEN",
-                                 pos == buf ? "" : " ");
-               if (os_snprintf_error(end - pos, ret))
-                       return buf;
-               pos += ret;
-       }
-
        if (pos == buf) {
                os_free(buf);
                buf = NULL;
@@ -831,10 +821,6 @@ static int wpa_config_parse_key_mgmt(const struct parse_data *data,
                else if (os_strcmp(start, "FT-SAE-EXT-KEY") == 0)
                        val |= WPA_KEY_MGMT_FT_SAE_EXT_KEY;
 #endif /* CONFIG_SAE */
-#ifdef CONFIG_HS20
-               else if (os_strcmp(start, "OSEN") == 0)
-                       val |= WPA_KEY_MGMT_OSEN;
-#endif /* CONFIG_HS20 */
 #ifdef CONFIG_SUITEB
                else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0)
                        val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B;
@@ -1071,18 +1057,6 @@ static char * wpa_config_write_key_mgmt(const struct parse_data *data,
        }
 #endif /* CONFIG_SAE */
 
-#ifdef CONFIG_HS20
-       if (ssid->key_mgmt & WPA_KEY_MGMT_OSEN) {
-               ret = os_snprintf(pos, end - pos, "%sOSEN",
-                                 pos == buf ? "" : " ");
-               if (os_snprintf_error(end - pos, ret)) {
-                       end[-1] = '\0';
-                       return buf;
-               }
-               pos += ret;
-       }
-#endif /* CONFIG_HS20 */
-
 #ifdef CONFIG_SUITEB
        if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
                ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SUITE-B",

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 85fbbe45824d1c9fc168942162f16436496589ca..575ec99236d310bcadde0f426c25542e8f723b94 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -3014,14 +3014,6 @@ static char * wpa_supplicant_ie_txt(char *pos, char *end, const char *proto,
        }
 #endif /* CONFIG_DPP */
 
-       if (data.key_mgmt & WPA_KEY_MGMT_OSEN) {
-               ret = os_snprintf(pos, end - pos, "%sOSEN",
-                                 pos == start ? "" : "+");
-               if (os_snprintf_error(end - pos, ret))
-                       return pos;
-               pos += ret;
-       }
-
 #ifdef CONFIG_SHA384
        if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) {
                ret = os_snprintf(pos, end - pos, "%sEAP-SHA384",
@@ -3099,7 +3091,7 @@ static int wpa_supplicant_ctrl_iface_scan_result(
 {
        char *pos, *end;
        int ret;
-       const u8 *ie, *ie2, *osen_ie, *p2p, *mesh, *owe, *rsnxe;
+       const u8 *ie, *ie2, *p2p, *mesh, *owe, *rsnxe;
 
        mesh = wpa_bss_get_ie(bss, WLAN_EID_MESH_ID);
        p2p = wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE);
@@ -3139,10 +3131,6 @@ static int wpa_supplicant_ctrl_iface_scan_result(
                        return -1;
                pos += ret;
        }
-       osen_ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-       if (osen_ie)
-               pos = wpa_supplicant_ie_txt(pos, end, "OSEN",
-                                           osen_ie, 2 + osen_ie[1]);
        owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
        if (owe) {
                ret = os_snprintf(pos, end - pos,
@@ -3152,7 +3140,7 @@ static int wpa_supplicant_ctrl_iface_scan_result(
                pos += ret;
        }
        pos = wpa_supplicant_wps_ie_txt(wpa_s, pos, end, bss);
-       if (!ie && !ie2 && !osen_ie && (bss->caps & IEEE80211_CAP_PRIVACY)) {
+       if (!ie && !ie2 && (bss->caps & IEEE80211_CAP_PRIVACY)) {
                ret = os_snprintf(pos, end - pos, "[WEP]");
                if (os_snprintf_error(end - pos, ret))
                        return -1;
@@ -4462,14 +4450,6 @@ static int ctrl_iface_get_capability_key_mgmt(int res, bool strict,
                pos += ret;
        }
 #endif /* CONFIG_SHA256 */
-#ifdef CONFIG_HS20
-       if (key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_OSEN) {
-               ret = os_snprintf(pos, end - pos, " OSEN");
-               if (os_snprintf_error(end - pos, ret))
-                       return pos - buf;
-               pos += ret;
-       }
-#endif /* CONFIG_HS20 */
 
        return pos - buf;
 }
@@ -5331,7 +5311,7 @@ static int print_bss_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
        size_t i;
        int ret;
        char *pos, *end;
-       const u8 *ie, *ie2, *osen_ie, *mesh, *owe, *rsnxe;
+       const u8 *ie, *ie2, *mesh, *owe, *rsnxe;
 
        pos = buf;
        end = buf + buflen;
@@ -5464,10 +5444,6 @@ static int print_bss_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
                                return 0;
                        pos += ret;
                }
-               osen_ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-               if (osen_ie)
-                       pos = wpa_supplicant_ie_txt(pos, end, "OSEN",
-                                                   osen_ie, 2 + osen_ie[1]);
                owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
                if (owe) {
                        ret = os_snprintf(
@@ -5478,7 +5454,7 @@ static int print_bss_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
                        pos += ret;
                }
                pos = wpa_supplicant_wps_ie_txt(wpa_s, pos, end, bss);
-               if (!ie && !ie2 && !osen_ie &&
+               if (!ie && !ie2 &&
                    (bss->caps & IEEE80211_CAP_PRIVACY)) {
                        ret = os_snprintf(pos, end - pos, "[WEP]");
                        if (os_snprintf_error(end - pos, ret))

diff --git a/wpa_supplicant/eap_register.c b/wpa_supplicant/eap_register.c
index 3f018c4b3c32f8ff63659771c1f2039f4df07621..794ec19ad89029303c61114ec3eb034699b68169 100644 (file)
--- a/wpa_supplicant/eap_register.c
+++ b/wpa_supplicant/eap_register.c
@@ -40,13 +40,6 @@ int eap_register_methods(void)
                ret = eap_peer_unauth_tls_register();
 #endif /* EAP_UNAUTH_TLS */
 
-#ifdef EAP_TLS
-#ifdef CONFIG_HS20
-       if (ret == 0)
-               ret = eap_peer_wfa_unauth_tls_register();
-#endif /* CONFIG_HS20 */
-#endif /* EAP_TLS */
-
 #ifdef EAP_MSCHAPv2
        if (ret == 0)
                ret = eap_peer_mschapv2_register();

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 89d4036ae8fc6e15dd966440f96976e24062699c..1568fccf78e934b69ceec13879256ee8fe090d70 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -639,9 +639,6 @@ static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
        if (wpa_key_mgmt_wpa(ssid->key_mgmt))
                privacy = 1;
 
-       if (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)
-               privacy = 1;
-
        if (bss->caps & IEEE80211_CAP_PRIVACY)
                return privacy;
        return !privacy;
@@ -681,7 +678,7 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
                return 0;
        }
 
-       while ((ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) && rsn_ie) {
+       while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) {
                proto_match++;
 
                if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) {
@@ -716,8 +713,7 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
                }
 #endif /* CONFIG_WEP */
 
-               if (!(ie.proto & ssid->proto) &&
-                   !(ssid->proto & WPA_PROTO_OSEN)) {
+               if (!(ie.proto & ssid->proto)) {
                        if (debug_print)
                                wpa_dbg(wpa_s, MSG_DEBUG,
                                        "   skip RSN IE - proto mismatch");
@@ -919,13 +915,6 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
                return 0;
        }
 
-       if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) &&
-           wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE)) {
-               if (debug_print)
-                       wpa_dbg(wpa_s, MSG_DEBUG, "   allow in OSEN");
-               return 1;
-       }
-
        if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) {
                if (debug_print)
                        wpa_dbg(wpa_s, MSG_DEBUG, "   allow in non-WPA/WPA2");
@@ -1268,10 +1257,7 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
                            bool debug_print)
 {
        int res;
-       bool wpa, check_ssid, osen, rsn_osen = false;
-#ifndef CONFIG_NO_WPA
-       struct wpa_ie_data data;
-#endif /* CONFIG_NO_WPA */
+       bool wpa, check_ssid = false;
 #ifdef CONFIG_MBO
        const u8 *assoc_disallow;
 #endif /* CONFIG_MBO */
@@ -1285,13 +1271,6 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
        wpa = ie && ie[1];
        ie = wpa_bss_get_rsne(wpa_s, bss, ssid, false);
        wpa |= ie && ie[1];
-#ifndef CONFIG_NO_WPA
-       if (ie && wpa_parse_wpa_ie_rsn(ie, 2 + ie[1], &data) == 0 &&
-           (data.key_mgmt & WPA_KEY_MGMT_OSEN))
-               rsn_osen = true;
-#endif /* CONFIG_NO_WPA */
-       ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-       osen = ie != NULL;
 
 #ifdef CONFIG_SAE
        ie = wpa_bss_get_rsnxe(wpa_s, bss, ssid, false);
@@ -1380,7 +1359,7 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
        if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss, debug_print))
                return false;
 
-       if (!osen && !wpa &&
+       if (!wpa &&
            !(ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
            !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
            !(ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
@@ -1400,13 +1379,6 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
        }
 #endif /* CONFIG_WEP */
 
-       if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) && !osen && !rsn_osen) {
-               if (debug_print)
-                       wpa_dbg(wpa_s, MSG_DEBUG,
-                               "   skip - non-OSEN network not allowed");
-               return false;
-       }
-
        if (!wpa_supplicant_match_privacy(bss, ssid)) {
                if (debug_print)
                        wpa_dbg(wpa_s, MSG_DEBUG, "   skip - privacy mismatch");
@@ -1644,7 +1616,6 @@ struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
        u8 wpa_ie_len, rsn_ie_len;
        const u8 *ie;
        struct wpa_ssid *ssid;
-       int osen;
        const u8 *match_ssid;
        size_t match_ssid_len;
        int bssid_ignore_count;
@@ -1655,12 +1626,9 @@ struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
        ie = wpa_bss_get_rsne(wpa_s, bss, NULL, false);
        rsn_ie_len = ie ? ie[1] : 0;
 
-       ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
-       osen = ie != NULL;
-
        if (debug_print) {
                wpa_dbg(wpa_s, MSG_DEBUG, "%d: " MACSTR
-                       " ssid='%s' wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d freq=%d %s%s%s",
+                       " ssid='%s' wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d freq=%d %s%s",
                        i, MAC2STR(bss->bssid),
                        wpa_ssid_txt(bss->ssid, bss->ssid_len),
                        wpa_ie_len, rsn_ie_len, bss->caps, bss->level,
@@ -1669,8 +1637,7 @@ struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
                        " wps" : "",
                        (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) ||
                         wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE))
-                       ? " p2p" : "",
-                       osen ? " osen=1" : "");
+                       ? " p2p" : "");
        }
 
        bssid_ignore_count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid);
@@ -3271,8 +3238,7 @@ static int wpa_supplicant_use_own_rsne_params(struct wpa_supplicant *wpa_s,
        wpa_s->wpa_proto = ie.proto;
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, wpa_s->wpa_proto);
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
-                        !!(wpa_s->wpa_proto &
-                           (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
+                        !!(wpa_s->wpa_proto & WPA_PROTO_RSN));
 
        /* Update AKMP suite from (Re)Association Request frame info */
        sel = ie.key_mgmt;
@@ -3353,7 +3319,7 @@ static int wpa_supplicant_use_own_rsne_params(struct wpa_supplicant *wpa_s,
        /* Update GTK and IGTK from AP's RSNE */
        found = false;
 
-       if (wpa_s->wpa_proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) {
+       if (wpa_s->wpa_proto & WPA_PROTO_RSN) {
                const u8 *bss_rsn;
 
                bss_rsn = wpa_bss_get_rsne(wpa_s, bss, ssid,

diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index 3ed8813f1d42ee3e4640b8d8ea16adfb6cad51a9..85df90392b85f055b6384cc1d6e563246861826b 100644 (file)
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c
@@ -1079,23 +1079,13 @@ void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
        hs20_free_osu_prov(wpa_s);
 
        dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
-               struct wpa_ie_data data;
-               const u8 *ie;
-
                if (bss->anqp == NULL)
                        continue;
                prov_anqp = bss->anqp->hs20_osu_providers_list;
                if (prov_anqp == NULL)
                        continue;
-               ie = wpa_bss_get_rsne(wpa_s, bss, NULL, false);
-               if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &data) == 0 &&
-                   (data.key_mgmt & WPA_KEY_MGMT_OSEN)) {
-                       osu_ssid2 = bss->ssid;
-                       osu_ssid2_len = bss->ssid_len;
-               } else {
-                       osu_ssid2 = NULL;
-                       osu_ssid2_len = 0;
-               }
+               osu_ssid2 = NULL;
+               osu_ssid2_len = 0;
                wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from "
                           MACSTR, MAC2STR(bss->bssid));
                wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list",

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index cae65a76a5f79a0c0c4d5d668c176cf00482c53b..806e4b1efa31da53e4a73ae1666de27b357e872f 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -719,21 +719,6 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
                        wpas_connect_work_done(wpa_s);
                        return;
                }
-#ifdef CONFIG_HS20
-       } else if (wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
-                  (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
-               /* No PMKSA caching, but otherwise similar to RSN/WPA */
-               wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
-               if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
-                                             wpa_s->sme.assoc_req_ie,
-                                             &wpa_s->sme.assoc_req_ie_len,
-                                             false)) {
-                       wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
-                               "key management and encryption suites");
-                       wpas_connect_work_done(wpa_s);
-                       return;
-               }
-#endif /* CONFIG_HS20 */
        } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
                   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
                /*
@@ -2713,10 +2698,6 @@ mscs_fail:
                params.wpa_proto = WPA_PROTO_WPA;
                wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
                                        elems.wpa_ie_len + 2);
-       } else if (elems.osen) {
-               params.wpa_proto = WPA_PROTO_OSEN;
-               wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.osen - 2,
-                                       elems.osen_len + 2);
        } else
                wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
        if (elems.rsnxe)

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index af19f228dac0e7df2682fbda39cf560dc7d213cc..2ad6b5353d7222a78c7252c01a1924b637cb6be6 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1811,16 +1811,15 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_SAE
        enum sae_pwe sae_pwe;
 #endif /* CONFIG_SAE */
-       const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
+       const u8 *bss_wpa, *bss_rsn, *bss_rsnx;
        bool wmm;
 
        if (bss) {
                bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
                bss_rsn = wpa_bss_get_rsne(wpa_s, bss, ssid, false);
                bss_rsnx = wpa_bss_get_rsnxe(wpa_s, bss, ssid, false);
-               bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
        } else {
-               bss_wpa = bss_rsn = bss_rsnx = bss_osen = NULL;
+               bss_wpa = bss_rsn = bss_rsnx = NULL;
        }
 
        if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
@@ -1836,34 +1835,17 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                   (ie.key_mgmt & ssid->key_mgmt)) {
                wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
                proto = WPA_PROTO_WPA;
-#ifdef CONFIG_HS20
-       } else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
-                  wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
-                  (ie.group_cipher & ssid->group_cipher) &&
-                  (ie.pairwise_cipher & ssid->pairwise_cipher) &&
-                  (ie.key_mgmt & ssid->key_mgmt)) {
-               wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
-               proto = WPA_PROTO_OSEN;
-       } else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
-           wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
-           (ie.group_cipher & ssid->group_cipher) &&
-           (ie.pairwise_cipher & ssid->pairwise_cipher) &&
-           (ie.key_mgmt & ssid->key_mgmt)) {
-               wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
-               proto = WPA_PROTO_RSN;
-#endif /* CONFIG_HS20 */
        } else if (bss) {
                wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
                wpa_dbg(wpa_s, MSG_DEBUG,
                        "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
                        ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
                        ssid->key_mgmt);
-               wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
+               wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s",
                        MAC2STR(bss->bssid),
                        wpa_ssid_txt(bss->ssid, bss->ssid_len),
                        bss_wpa ? " WPA" : "",
-                       bss_rsn ? " RSN" : "",
-                       bss_osen ? " OSEN" : "");
+                       bss_rsn ? " RSN" : "");
                if (bss_rsn) {
                        wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
                        if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
@@ -1890,9 +1872,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                }
                return -1;
        } else {
-               if (ssid->proto & WPA_PROTO_OSEN)
-                       proto = WPA_PROTO_OSEN;
-               else if (ssid->proto & WPA_PROTO_RSN)
+               if (ssid->proto & WPA_PROTO_RSN)
                        proto = WPA_PROTO_RSN;
                else
                        proto = WPA_PROTO_WPA;
@@ -1922,7 +1902,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_OWE
                        if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
                            !ssid->owe_only &&
-                           !bss_wpa && !bss_rsn && !bss_osen) {
+                           !bss_wpa && !bss_rsn) {
                                wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
                                wpa_s->wpa_proto = 0;
                                *wpa_ie_len = 0;
@@ -1946,7 +1926,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
        wpa_s->wpa_proto = proto;
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
-                        !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
+                        !!(ssid->proto & WPA_PROTO_RSN));
 
        if (bss || !wpa_s->ap_ies_from_associnfo) {
                const u8 *rsnoe = NULL, *rsno2e = NULL, *rsnxoe = NULL;
@@ -2134,11 +2114,6 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
        } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
                wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
                wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
-#ifdef CONFIG_HS20
-       } else if (sel & WPA_KEY_MGMT_OSEN) {
-               wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
-               wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
-#endif /* CONFIG_HS20 */
 #ifdef CONFIG_OWE
        } else if (sel & WPA_KEY_MGMT_OWE) {
                wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
@@ -3715,19 +3690,6 @@ static u8 * wpas_populate_assoc_ies(
                        os_free(wpa_ie);
                        return NULL;
                }
-#ifdef CONFIG_HS20
-       } else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
-                  (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
-               /* No PMKSA caching, but otherwise similar to RSN/WPA */
-               wpa_ie_len = max_wpa_ie_len;
-               if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
-                                             wpa_ie, &wpa_ie_len, false)) {
-                       wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
-                               "key management and encryption suites");
-                       os_free(wpa_ie);
-                       return NULL;
-               }
-#endif /* CONFIG_HS20 */
        } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
                   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
                /*